5.5
CVE-2022-29965
- EPSS 0.04%
- Published 26.07.2022 22:15:11
- Last modified 21.11.2024 07:00:04
- Source cve@mitre.org
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
Data is provided by the National Vulnerability Database (NVD)
Emerson ≫ Deltav Distributed Control System Version <= 2022-04-29
Emerson ≫ Deltav Distributed Control System Sq Controller Firmware Version <= 2022-04-29
Emerson ≫ Deltav Distributed Control System Sx Controller Firmware Version <= 2022-04-29
Emerson ≫ Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4003s2b4 16-pin Mass I/o Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4003s2b524-pin Mass I/o Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4017p0 H1 I/o Interface Card And Terminl Block Firmware Version <= 2022-04-29
Emerson ≫ Se4017p1 H1 I/o Card With Integrated Power Firmware Version <= 2022-04-29
Emerson ≫ Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware Version <= 2022-04-29
Emerson ≫ Se4026 Virtual I/o Module 2 Firmware Version <= 2022-04-29
Emerson ≫ Se4027 Virtual I/o Module 2 Firmware Version <= 2022-04-29
Emerson ≫ Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4037p0 H1 I/o Interface Card And Terminl Block Firmware Version <= 2022-04-29
Emerson ≫ Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware Version <= 2022-04-29
Emerson ≫ Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware Version <= 2022-04-29
Emerson ≫ Se4100 Simplex Ethernet I/o Card (eioc) Assembly Firmware Version <= 2022-04-29
Emerson ≫ Se4101 Simplex Ethernet I/o Card (eioc) Assembly Firmware Version <= 2022-04-29
Emerson ≫ Se4801t0x Redundant Wireless I/o Card Firmware Version <= 2022-04-29
Emerson ≫ Ve4103 Modbus Tcp Interface For Ethernet Connected I/o (eioc) Firmware Version <= 2022-04-29
Emerson ≫ Ve4104 Ethernet/ip Control Tag Integration For Ethernet Connected I/o (eioc) Firmware Version <= 2022-04-29
Emerson ≫ Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc) Firmware Version <= 2022-04-29
Emerson ≫ Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc) Firmware Version <= 2022-04-29
Emerson ≫ Ve4107 Iec 61850 Mms Interface For Ethernet Connected I/o (eioc) Firmware Version <= 2022-04-29
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.098 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.