CVE DATABASE / CVE-2022-29964
CVE-2022-29964
CVSS 5.5 · MEDIUM
Summary
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Emerson deltav distributed control system sq controller firmwareEmerson deltav distributed control system sq controllerEmerson deltav distributed control system sx controller firmwareEmerson deltav distributed control system sx controllerEmerson se4002s1t2b6 high side 40-pin mass i\/o terminal block firmwareEmerson se4002s1t2b6 high side 40-pin mass i\/o terminal blockEmerson se4003s2b4 16-pin mass i\/o terminal block firmwareEmerson se4003s2b4 16-pin mass i\/o terminal blockEmerson se4003s2b524-pin mass i\/o terminal block firmwareEmerson se4003s2b524-pin mass i\/o terminal blockEmerson se4017p0 h1 i\/o interface card and terminl block firmwareEmerson se4017p0 h1 i\/o interface card and terminl blockEmerson se4017p1 h1 i\/o card with integrated power firmwareEmerson se4017p1 h1 i\/o card with integrated powerEmerson se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblock firmwareEmerson se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblockEmerson se4026 virtual i\/o module 2 firmwareEmerson se4026 virtual i\/o module 2Emerson se4027 virtual i\/o module 2 firmwareEmerson se4027 virtual i\/o module 2
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.