5.5

CVE-2022-29960

EPSS 0.09%
Published 26.07.2022 22:15:11
Last modified 21.11.2024 07:00:04
Source cve@mitre.org
Teams watchlist Login
Open Login

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Emerson ≫ Openbsi Version < 5.9

Emerson ≫ Openbsi Version5.9 Update-

Emerson ≫ Openbsi Version5.9 Updatesp1

Emerson ≫ Openbsi Version5.9 Updatesp2

Emerson ≫ Openbsi Version5.9 Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

Third Party Advisory

US Government Resource

Not Applicable

https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-29960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29960

EUVD