5.5

CVE-2022-29960

EPSS 0.09%
Veröffentlicht 26.07.2022 22:15:11
Zuletzt bearbeitet 21.11.2024 07:00:04
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emerson ≫ Openbsi Version < 5.9

Emerson ≫ Openbsi Version5.9 Update-

Emerson ≫ Openbsi Version5.9 Updatesp1

Emerson ≫ Openbsi Version5.9 Updatesp2

Emerson ≫ Openbsi Version5.9 Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

Third Party Advisory

US Government Resource

Not Applicable

https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-29960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29960

EUVD