Emerson

Deltav

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2021-44463

  • EPSS 0.04%
  • Veröffentlicht 28.01.2022 20:15:12
  • Zuletzt bearbeitet 17.04.2025 16:15:24

Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.

6.5

CVE-2018-19021

  • EPSS 0.5%
  • Veröffentlicht 25.01.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:10

A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.

7.8

CVE-2018-14797

  • EPSS 0.23%
  • Veröffentlicht 23.08.2018 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:49:48

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

7.8

CVE-2018-14791

  • EPSS 0.08%
  • Veröffentlicht 23.08.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:48

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products.

8.8

CVE-2018-14795

  • EPSS 1.8%
  • Veröffentlicht 21.08.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:49:48

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

8.8

CVE-2018-14793

  • EPSS 0.25%
  • Veröffentlicht 21.08.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:48

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.

6.8

CVE-2016-9345

  • EPSS 0.21%
  • Veröffentlicht 13.02.2017 21:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system.

4.6

CVE-2014-2349

  • EPSS 0.09%
  • Veröffentlicht 22.05.2014 20:55:06
  • Zuletzt bearbeitet 03.10.2025 16:16:14

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

7.5

CVE-2014-2350

  • EPSS 0.35%
  • Veröffentlicht 22.05.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

5

CVE-2012-3035

  • EPSS 0.74%
  • Veröffentlicht 01.10.2012 18:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port.