CVE-2014-2349

EPSS 0.11%
Veröffentlicht 22.05.2014 20:55:06
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Emerson DeltaV Use of Improper Authorization

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emerson ≫ Deltav Version10.3.1

Emerson ≫ Deltav Version11.3

Emerson ≫ Deltav Version11.3.1

Emerson ≫ Deltav Version12.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.297

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
ics-cert@hq.dhs.gov	6.2	3.1	9.2	AV:L/AC:L/Au:S/C:N/I:C/A:C

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02

Third Party Advisory

US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02

https://nvd.nist.gov/vuln/detail/CVE-2014-2349

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2349

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2349

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-2349