Filtered by vendor Emerson
Total: 83 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | |||||
CVE-2020-6970 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | |||||
CVE-2020-27254 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Emerson Rosemount X-STREAM Gas Analyzer: X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions. The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | |||||
CVE-2020-19419 | 1 Emerson | 2 Smart Wireless Gateway 1420, Smart Wireless Gateway 1420 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | |||||
CVE-2020-19417 | 1 Emerson | 2 Wireless 1420 Gateway, Wireless 1420 Gateway Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. | |||||
CVE-2020-16235 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 2.1 LOW | 3.8 LOW |
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | |||||
CVE-2020-12525 | 4 Emerson, Pepperl-fuchs, Wago and 1 more | 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | |||||
CVE-2020-12030 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more | 2024-11-21 | 6.8 MEDIUM | 10.0 CRITICAL |
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | |||||
CVE-2020-10640 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a specific communication service. | |||||
CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | |||||
CVE-2020-10632 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 5.0 MEDIUM | 8.8 HIGH |
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | |||||
CVE-2019-13524 | 1 Emerson | 18 Rx3i Cpe100, Rx3i Cpe100 Firmware, Rx3i Cpe115 and 15 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
GE PACSystems RX3i CPE100/115: All versions prior to R9.85, CPE302/305/310/330/400/410: All versions prior to R9.90, CRU/320 All versions (End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. | |||||
CVE-2019-12167 | 1 Emerson | 2 Liebert Challenger, Liebert Challenger Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. | |||||
CVE-2019-10967 | 1 Emerson | 2 Ovation Ocr400, Ovation Ocr400 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. | |||||
CVE-2019-10965 | 1 Emerson | 2 Ovation Ocr400, Ovation Ocr400 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. | |||||
CVE-2018-5452 | 1 Emerson | 2 Controlwave Micro, Controlwave Micro Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode. | |||||
CVE-2018-19021 | 1 Emerson | 1 Deltav | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. | |||||
CVE-2018-14808 | 1 Emerson | 1 Ams Device Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. | |||||
CVE-2018-14804 | 1 Emerson | 1 Ams Device Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. | |||||
CVE-2018-14797 | 1 Emerson | 1 Deltav | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. |