6.5

CVE-2018-19021

A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EmersonDeltav Version >= r5.1 <= r6
EmersonDeltav Version11.3.1
EmersonDeltav Version11.3.2
EmersonDeltav Version12.3.1
EmersonDeltav Version13.3.1
EmersonDeltav Version14.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.647
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:N/I:N/A:P
CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

http://www.securityfocus.com/bid/106522
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01
Third Party Advisory
US Government Resource