CVE-2022-29962

Description

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

Related CPE's

oemersondeltav_distributed_control_system_sq_controller_firmware********

hemersondeltav_distributed_control_system_sq_controller-*******

oemersondeltav_distributed_control_system_sx_controller_firmware********

hemersondeltav_distributed_control_system_sx_controller-*******

oemersonse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmware********

hemersonse4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block-*******

oemersonse4003s2b4_16-pin_mass_i\/o_terminal_block_firmware********

hemersonse4003s2b4_16-pin_mass_i\/o_terminal_block-*******

oemersonse4003s2b524-pin_mass_i\/o_terminal_block_firmware********

hemersonse4003s2b524-pin_mass_i\/o_terminal_block-*******

References

https://www.forescout.com/blog/

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

Third Party AdvisoryUS Government Resource

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io