Vulnerabilities (CVE)

Filtered by vendor Emerson Subscribe
Filtered by product Deltav Distributed Control System
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29965 1 Emerson 49 Deltav Distributed Control System, Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware and 46 more 2024-11-21 N/A 5.5 MEDIUM
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
CVE-2022-29957 1 Emerson 1 Deltav Distributed Control System 2024-11-21 N/A 7.8 HIGH
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
CVE-2021-26264 1 Emerson 2 Deltav Distributed Control System, Deltav Workstation 2024-11-21 4.9 MEDIUM 6.1 MEDIUM
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.