7.8

CVE-2022-30260

EPSS 0.03%
Published 26.12.2022 06:15:10
Last modified 21.11.2024 07:02:27
Source cve@mitre.org
Teams watchlist Login
Open Login

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Emerson ≫ Deltav Distributed Control System Sq Controller Firmware Version < 14.3

Emerson ≫ Deltav Distributed Control System Sq Controller Version-

Emerson ≫ Deltav Distributed Control System Sx Controller Firmware Version < 14.3

Emerson ≫ Deltav Distributed Control System Sx Controller Version-

Emerson ≫ Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware Version < 14.3

Emerson ≫ Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block Version-

Emerson ≫ Se4003s2b4 16-pin Mass I/o Terminal Block Firmware Version < 14.3

Emerson ≫ Se4003s2b4 16-pin Mass I/o Terminal Block Version-

Emerson ≫ Se4003s2b524-pin Mass I/o Terminal Block Firmware Version < 14.3

Emerson ≫ Se4003s2b524-pin Mass I/o Terminal Block Version-

Emerson ≫ Se4017p0 H1 I/o Interface Card And Terminl Block Firmware Version < 14.3

Emerson ≫ Se4017p0 H1 I/o Interface Card And Terminl Block Version-

Emerson ≫ Se4017p1 H1 I/o Card With Integrated Power Firmware Version < 14.3

Emerson ≫ Se4017p1 H1 I/o Card With Integrated Power Version-

Emerson ≫ Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware Version < 14.3

Emerson ≫ Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock Version-

Emerson ≫ Se4026 Virtual I/o Module 2 Firmware Version < 14.3

Emerson ≫ Se4026 Virtual I/o Module 2 Version-

Emerson ≫ Se4027 Virtual I/o Module 2 Firmware Version < 14.3

Emerson ≫ Se4027 Virtual I/o Module 2 Version-

Emerson ≫ Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware Version < 14.3

Emerson ≫ Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Version-

Emerson ≫ Se4037p0 H1 I/o Interface Card And Terminl Block Firmware Version < 14.3

Emerson ≫ Se4037p0 H1 I/o Interface Card And Terminl Block Version-

Emerson ≫ Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block Firmware Version < 14.3

Emerson ≫ Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block Version-

Emerson ≫ Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware Version < 14.3

Emerson ≫ Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock Version-

Emerson ≫ Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware Version < 14.3

Emerson ≫ Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block Version-

Emerson ≫ Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware Version < 14.3

Emerson ≫ Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Version-

Emerson ≫ Se4100 Simplex Ethernet I/o Card (eioc) Assembly Firmware Version < 14.3

Emerson ≫ Se4100 Simplex Ethernet I/o Card (eioc) Assembly Version-

Emerson ≫ Se4101 Simplex Ethernet I/o Card (eioc) Assembly Firmware Version < 14.3

Emerson ≫ Se4101 Simplex Ethernet I/o Card (eioc) Assembly Version-

Emerson ≫ Se4801t0x Redundant Wireless I/o Card Firmware Version < 14.3

Emerson ≫ Se4801t0x Redundant Wireless I/o Card Version-

Emerson ≫ Ve4103 Modbus Tcp Interface For Ethernet Connected I/o (eioc) Firmware Version < 14.3

Emerson ≫ Ve4103 Modbus Tcp Interface For Ethernet Connected I/o (eioc) Version-

Emerson ≫ Ve4104 Ethernet/ip Control Tag Integration For Ethernet Connected I/o (eioc) Firmware Version < 14.3

Emerson ≫ Ve4104 Ethernet/ip Control Tag Integration For Ethernet Connected I/o (eioc) Version-

Emerson ≫ Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc) Firmware Version < 14.3

Emerson ≫ Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc) Version-

Emerson ≫ Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc) Firmware Version < 14.3

Emerson ≫ Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc) Version-

Emerson ≫ Ve4107 Iec 61850 Mms Interface For Ethernet Connected I/o (eioc) Firmware Version < 14.3

Emerson ≫ Ve4107 Iec 61850 Mms Interface For Ethernet Connected I/o (eioc) Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.073

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.forescout.com/blog/

Third Party Advisory

Not Applicable

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-30260

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30260

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30260

EUVD