6.2
CVE-2014-2349
- EPSS 0.11%
- Veröffentlicht 22.05.2014 20:55:06
- Zuletzt bearbeitet 31.10.2025 23:15:31
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.297 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| ics-cert@hq.dhs.gov | 6.2 | 3.1 | 9.2 |
AV:L/AC:L/Au:S/C:N/I:C/A:C
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.