Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    191 vulnerabilities by Emerson

    CVE-2022-50930 (GCVE-0-2022-50930)

    Vulnerability from nvd – Published: 2026-01-13 22:51 – Updated: 2026-01-14 15:29
    VLAI
    Title
    Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path
    Summary
    Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Date Public
    2022-02-13 00:00
    Credits
    Luis Martinez
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-50930",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T15:29:44.423568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T15:29:51.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emerson PAC Machine Edition",
              "vendor": "Emerson",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.80"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luis Martinez"
            }
          ],
          "datePublic": "2022-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T22:51:58.910Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-50745",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/50745"
            },
            {
              "name": "Emerson Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.emerson.com/en-us"
            },
            {
              "name": "Software Download Link",
              "tags": [
                "product"
              ],
              "url": "https://www.opertek.com/descargar-software/?prc=_326"
            },
            {
              "name": "VulnCheck Advisory: Emerson PAC Machine Edition 9.80 Build 8695 - \u0027TrapiServer\u0027 Unquoted Service Path",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/emerson-pac-machine-edition-build-trapiserver-unquoted-service-path"
            }
          ],
          "title": "Emerson PAC Machine Edition 9.80 Build 8695 - \u0027TrapiServer\u0027 Unquoted Service Path",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2022-50930",
        "datePublished": "2026-01-13T22:51:58.910Z",
        "dateReserved": "2026-01-11T13:34:26.328Z",
        "dateUpdated": "2026-01-14T15:29:51.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53471 (GCVE-0-2025-53471)

    Vulnerability from nvd – Published: 2025-07-10 23:45 – Updated: 2026-06-04 20:45
    VLAI
    Title
    Emerson ValveLink Products Improper Input Validation
    Summary
    Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:29:05.416717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:29:12.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink products \nreceive input or data, but does not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."
                }
              ],
              "value": "Emerson ValveLink products \nreceive input or data, but does not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T20:45:43.072Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-189-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-53471",
        "datePublished": "2025-07-10T23:45:39.592Z",
        "dateReserved": "2025-06-30T14:34:56.244Z",
        "dateUpdated": "2026-06-04T20:45:43.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52579 (GCVE-0-2025-52579)

    Vulnerability from nvd – Published: 2025-07-10 23:37 – Updated: 2025-07-11 13:55
    VLAI
    Title
    Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
    Summary
    Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:55:09.770121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:55:15.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink Products store sensitive information in cleartext in memory. The \nsensitive memory might be saved to disk, stored in a core dump, or \nremain uncleared if the product crashes, or if the programmer does not \nproperly clear the memory before freeing it."
                }
              ],
              "value": "Emerson ValveLink Products store sensitive information in cleartext in memory. The \nsensitive memory might be saved to disk, stored in a core dump, or \nremain uncleared if the product crashes, or if the programmer does not \nproperly clear the memory before freeing it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "CWE-316",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:47:22.866Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-52579",
        "datePublished": "2025-07-10T23:37:21.515Z",
        "dateReserved": "2025-06-30T14:34:56.212Z",
        "dateUpdated": "2025-07-11T13:55:15.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50109 (GCVE-0-2025-50109)

    Vulnerability from nvd – Published: 2025-07-10 23:39 – Updated: 2025-07-11 13:54
    VLAI
    Title
    Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
    Summary
    Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:54:46.838203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:54:53.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink Products store\nsensitive information in cleartext within a resource that might be accessible to another control sphere."
                }
              ],
              "value": "Emerson ValveLink Products store\nsensitive information in cleartext within a resource that might be accessible to another control sphere."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "CWE-316",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:39:11.220Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-50109",
        "datePublished": "2025-07-10T23:39:11.220Z",
        "dateReserved": "2025-06-30T14:34:56.221Z",
        "dateUpdated": "2025-07-11T13:54:53.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48496 (GCVE-0-2025-48496)

    Vulnerability from nvd – Published: 2025-07-10 23:43 – Updated: 2025-07-11 13:54
    VLAI
    Title
    Emerson ValveLink Products Uncontrolled Search Path Element
    Summary
    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:53:53.258810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:54:00.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink products \nuse a fixed or controlled search path to find resources, but one or \nmore locations in that path can be under the control of unintended \nactors."
                }
              ],
              "value": "Emerson ValveLink products \nuse a fixed or controlled search path to find resources, but one or \nmore locations in that path can be under the control of unintended \nactors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:43:33.592Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Uncontrolled Search Path Element",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-48496",
        "datePublished": "2025-07-10T23:43:33.592Z",
        "dateReserved": "2025-06-30T14:34:56.236Z",
        "dateUpdated": "2025-07-11T13:54:00.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46358 (GCVE-0-2025-46358)

    Vulnerability from nvd – Published: 2025-07-10 23:41 – Updated: 2025-07-11 13:54
    VLAI
    Title
    Emerson ValveLink Products Protection Mechanism Failure
    Summary
    Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:54:19.712968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:54:26.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink products \ndo not use or incorrectly uses a protection mechanism that provides \nsufficient defense against directed attacks against the product."
                }
              ],
              "value": "Emerson ValveLink products \ndo not use or incorrectly uses a protection mechanism that provides \nsufficient defense against directed attacks against the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:41:25.965Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Protection Mechanism Failure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-46358",
        "datePublished": "2025-07-10T23:41:25.965Z",
        "dateReserved": "2025-06-30T14:34:56.228Z",
        "dateUpdated": "2025-07-11T13:54:26.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1156 (GCVE-0-2024-1156)

    Vulnerability from nvd – Published: 2024-02-20 14:37 – Updated: 2024-08-26 16:53
    VLAI
    Summary
    Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI SystemLink Server Affected: 0 , ≤ 2023 Q3 (custom)
    Create a notification for this product.
    NI FlexLogger Affected: 0 , ≤ 2022 Q3 (custom)
    Create a notification for this product.
    ni flexlogger Affected: 0 , ≤ 2022_q3 (custom)
        cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*
    Create a notification for this product.
    ni systemlink Affected: 0 , ≤ 2023_q3 (custom)
        cpe:2.3:a:ni:systemlink:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flexlogger",
                "vendor": "ni",
                "versions": [
                  {
                    "lessThanOrEqual": "2022_q3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ni:systemlink:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "systemlink",
                "vendor": "ni",
                "versions": [
                  {
                    "lessThanOrEqual": "2023_q3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T16:33:13.523683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:53:40.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SystemLink Server",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2023 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "FlexLogger",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2022 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
                }
              ],
              "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T14:37:07.095Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2024-1156",
        "datePublished": "2024-02-20T14:37:07.095Z",
        "dateReserved": "2024-02-01T14:26:04.700Z",
        "dateUpdated": "2024-08-26T16:53:40.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1155 (GCVE-0-2024-1155)

    Vulnerability from nvd – Published: 2024-02-20 14:34 – Updated: 2024-08-01 18:26
    VLAI
    Title
    Incorrect permissions for shared NI SystemLink Elixir based services
    Summary
    Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI SystemLink Server Affected: 0 , ≤ 2023 Q3 (custom)
    Create a notification for this product.
    NI FlexLogger Affected: 0 , ≤ 2022 Q3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1155",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T18:08:51.196119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:58.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SystemLink Server",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2023 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "FlexLogger",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2022 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \u003cbr\u003e"
                }
              ],
              "value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T14:34:08.556Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect permissions for shared NI SystemLink Elixir based services",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2024-1155",
        "datePublished": "2024-02-20T14:34:08.556Z",
        "dateReserved": "2024-02-01T14:25:54.006Z",
        "dateUpdated": "2024-08-01T18:26:30.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51761 (GCVE-0-2023-51761)

    Vulnerability from nvd – Published: 2024-02-09 03:41 – Updated: 2025-06-10 18:52
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:11:47.314496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:48.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:48:11.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T18:52:34.491Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page."
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-51761",
        "datePublished": "2024-02-09T03:41:37.457Z",
        "dateReserved": "2024-01-03T00:41:24.585Z",
        "dateUpdated": "2025-06-10T18:52:34.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49716 (GCVE-0-2023-49716)

    Vulnerability from nvd – Published: 2024-02-09 03:45 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-11T17:07:50.900513Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:29.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T03:45:37.621Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nEmerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page.\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-49716",
        "datePublished": "2024-02-09T03:45:37.621Z",
        "dateReserved": "2024-01-03T00:41:24.597Z",
        "dateUpdated": "2025-06-17T21:29:29.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46687 (GCVE-0-2023-46687)

    Vulnerability from nvd – Published: 2024-02-09 03:49 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46687",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T16:54:56.679793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:29.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\n\nIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T03:49:28.352Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nEmerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page.\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46687",
        "datePublished": "2024-02-09T03:49:28.352Z",
        "dateReserved": "2024-01-03T00:41:24.578Z",
        "dateUpdated": "2025-06-17T21:29:29.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43609 (GCVE-0-2023-43609)

    Vulnerability from nvd – Published: 2024-02-09 03:52 – Updated: 2025-06-10 18:52
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:00:54.881050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:48.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:43.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T18:52:01.605Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page."
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-43609",
        "datePublished": "2024-02-09T03:52:03.096Z",
        "dateReserved": "2024-01-03T00:41:24.590Z",
        "dateUpdated": "2025-06-10T18:52:01.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-50930 (GCVE-0-2022-50930)

    Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-01-14 15:29
    VLAI
    Title
    Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path
    Summary
    Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Date Public
    2022-02-13 00:00
    Credits
    Luis Martinez
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-50930",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T15:29:44.423568Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T15:29:51.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emerson PAC Machine Edition",
              "vendor": "Emerson",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.80"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Luis Martinez"
            }
          ],
          "datePublic": "2022-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T22:51:58.910Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-50745",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/50745"
            },
            {
              "name": "Emerson Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.emerson.com/en-us"
            },
            {
              "name": "Software Download Link",
              "tags": [
                "product"
              ],
              "url": "https://www.opertek.com/descargar-software/?prc=_326"
            },
            {
              "name": "VulnCheck Advisory: Emerson PAC Machine Edition 9.80 Build 8695 - \u0027TrapiServer\u0027 Unquoted Service Path",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/emerson-pac-machine-edition-build-trapiserver-unquoted-service-path"
            }
          ],
          "title": "Emerson PAC Machine Edition 9.80 Build 8695 - \u0027TrapiServer\u0027 Unquoted Service Path",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2022-50930",
        "datePublished": "2026-01-13T22:51:58.910Z",
        "dateReserved": "2026-01-11T13:34:26.328Z",
        "dateUpdated": "2026-01-14T15:29:51.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53471 (GCVE-0-2025-53471)

    Vulnerability from cvelistv5 – Published: 2025-07-10 23:45 – Updated: 2026-06-04 20:45
    VLAI
    Title
    Emerson ValveLink Products Improper Input Validation
    Summary
    Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Unaffected: ValveLink 14.0
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:29:05.416717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:29:12.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "ValveLink 14.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink products \nreceive input or data, but does not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."
                }
              ],
              "value": "Emerson ValveLink products \nreceive input or data, but does not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T20:45:43.072Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-189-01.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-53471",
        "datePublished": "2025-07-10T23:45:39.592Z",
        "dateReserved": "2025-06-30T14:34:56.244Z",
        "dateUpdated": "2026-06-04T20:45:43.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48496 (GCVE-0-2025-48496)

    Vulnerability from cvelistv5 – Published: 2025-07-10 23:43 – Updated: 2025-07-11 13:54
    VLAI
    Title
    Emerson ValveLink Products Uncontrolled Search Path Element
    Summary
    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:53:53.258810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:54:00.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink products \nuse a fixed or controlled search path to find resources, but one or \nmore locations in that path can be under the control of unintended \nactors."
                }
              ],
              "value": "Emerson ValveLink products \nuse a fixed or controlled search path to find resources, but one or \nmore locations in that path can be under the control of unintended \nactors."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:43:33.592Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Uncontrolled Search Path Element",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-48496",
        "datePublished": "2025-07-10T23:43:33.592Z",
        "dateReserved": "2025-06-30T14:34:56.236Z",
        "dateUpdated": "2025-07-11T13:54:00.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46358 (GCVE-0-2025-46358)

    Vulnerability from cvelistv5 – Published: 2025-07-10 23:41 – Updated: 2025-07-11 13:54
    VLAI
    Title
    Emerson ValveLink Products Protection Mechanism Failure
    Summary
    Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:54:19.712968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:54:26.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink products \ndo not use or incorrectly uses a protection mechanism that provides \nsufficient defense against directed attacks against the product."
                }
              ],
              "value": "Emerson ValveLink products \ndo not use or incorrectly uses a protection mechanism that provides \nsufficient defense against directed attacks against the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:41:25.965Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Protection Mechanism Failure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-46358",
        "datePublished": "2025-07-10T23:41:25.965Z",
        "dateReserved": "2025-06-30T14:34:56.228Z",
        "dateUpdated": "2025-07-11T13:54:26.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-50109 (GCVE-0-2025-50109)

    Vulnerability from cvelistv5 – Published: 2025-07-10 23:39 – Updated: 2025-07-11 13:54
    VLAI
    Title
    Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
    Summary
    Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-50109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:54:46.838203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:54:53.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink Products store\nsensitive information in cleartext within a resource that might be accessible to another control sphere."
                }
              ],
              "value": "Emerson ValveLink Products store\nsensitive information in cleartext within a resource that might be accessible to another control sphere."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "CWE-316",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:39:11.220Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-50109",
        "datePublished": "2025-07-10T23:39:11.220Z",
        "dateReserved": "2025-06-30T14:34:56.221Z",
        "dateUpdated": "2025-07-11T13:54:53.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-52579 (GCVE-0-2025-52579)

    Vulnerability from cvelistv5 – Published: 2025-07-10 23:37 – Updated: 2025-07-11 13:55
    VLAI
    Title
    Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
    Summary
    Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson ValveLink SOLO Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink DTM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink PRM Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Emerson ValveLink SNAP-ON Affected: 0 , < ValveLink 14.0 (custom)
    Create a notification for this product.
    Credits
    Emerson reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-11T13:55:09.770121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-11T13:55:15.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SOLO",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink DTM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink PRM",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ValveLink SNAP-ON",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThan": "ValveLink 14.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Emerson reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson ValveLink Products store sensitive information in cleartext in memory. The \nsensitive memory might be saved to disk, stored in a core dump, or \nremain uncleared if the product crashes, or if the programmer does not \nproperly clear the memory before freeing it."
                }
              ],
              "value": "Emerson ValveLink Products store sensitive information in cleartext in memory. The \nsensitive memory might be saved to disk, stored in a core dump, or \nremain uncleared if the product crashes, or if the programmer does not \nproperly clear the memory before freeing it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-316",
                  "description": "CWE-316",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-10T23:47:22.866Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
            },
            {
              "url": "https://www.emerson.com/en-us/support/security-notifications"
            },
            {
              "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
            }
          ],
          "source": {
            "advisory": "ICSA-25-189-01",
            "discovery": "INTERNAL"
          },
          "title": "Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-52579",
        "datePublished": "2025-07-10T23:37:21.515Z",
        "dateReserved": "2025-06-30T14:34:56.212Z",
        "dateUpdated": "2025-07-11T13:55:15.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1156 (GCVE-0-2024-1156)

    Vulnerability from cvelistv5 – Published: 2024-02-20 14:37 – Updated: 2024-08-26 16:53
    VLAI
    Summary
    Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI SystemLink Server Affected: 0 , ≤ 2023 Q3 (custom)
    Create a notification for this product.
    NI FlexLogger Affected: 0 , ≤ 2022 Q3 (custom)
    Create a notification for this product.
    ni flexlogger Affected: 0 , ≤ 2022_q3 (custom)
        cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*
    Create a notification for this product.
    ni systemlink Affected: 0 , ≤ 2023_q3 (custom)
        cpe:2.3:a:ni:systemlink:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "flexlogger",
                "vendor": "ni",
                "versions": [
                  {
                    "lessThanOrEqual": "2022_q3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:ni:systemlink:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "systemlink",
                "vendor": "ni",
                "versions": [
                  {
                    "lessThanOrEqual": "2023_q3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T16:33:13.523683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:53:40.189Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SystemLink Server",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2023 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "FlexLogger",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2022 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
                }
              ],
              "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T14:37:07.095Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2024-1156",
        "datePublished": "2024-02-20T14:37:07.095Z",
        "dateReserved": "2024-02-01T14:26:04.700Z",
        "dateUpdated": "2024-08-26T16:53:40.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1155 (GCVE-0-2024-1155)

    Vulnerability from cvelistv5 – Published: 2024-02-20 14:34 – Updated: 2024-08-01 18:26
    VLAI
    Title
    Incorrect permissions for shared NI SystemLink Elixir based services
    Summary
    Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    NI
    Impacted products
    Vendor Product Version
    NI SystemLink Server Affected: 0 , ≤ 2023 Q3 (custom)
    Create a notification for this product.
    NI FlexLogger Affected: 0 , ≤ 2022 Q3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1155",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T18:08:51.196119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:58.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "SystemLink Server",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2023 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "FlexLogger",
              "vendor": "NI",
              "versions": [
                {
                  "lessThanOrEqual": "2022 Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \u003cbr\u003e"
                }
              ],
              "value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-20T14:34:08.556Z",
            "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
            "shortName": "NI"
          },
          "references": [
            {
              "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect permissions for shared NI SystemLink Elixir based services",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "assignerShortName": "NI",
        "cveId": "CVE-2024-1155",
        "datePublished": "2024-02-20T14:34:08.556Z",
        "dateReserved": "2024-02-01T14:25:54.006Z",
        "dateUpdated": "2024-08-01T18:26:30.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43609 (GCVE-0-2023-43609)

    Vulnerability from cvelistv5 – Published: 2024-02-09 03:52 – Updated: 2025-06-10 18:52
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:00:54.881050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:48.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:43.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T18:52:01.605Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page."
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-43609",
        "datePublished": "2024-02-09T03:52:03.096Z",
        "dateReserved": "2024-01-03T00:41:24.590Z",
        "dateUpdated": "2025-06-10T18:52:01.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46687 (GCVE-0-2023-46687)

    Vulnerability from cvelistv5 – Published: 2024-02-09 03:49 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46687",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T16:54:56.679793Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:29.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\n\nIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T03:49:28.352Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nEmerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page.\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46687",
        "datePublished": "2024-02-09T03:49:28.352Z",
        "dateReserved": "2024-01-03T00:41:24.578Z",
        "dateUpdated": "2025-06-17T21:29:29.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49716 (GCVE-0-2023-49716)

    Vulnerability from cvelistv5 – Published: 2024-02-09 03:45 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-11T17:07:50.900513Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:29.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T03:45:37.621Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nEmerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page.\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-49716",
        "datePublished": "2024-02-09T03:45:37.621Z",
        "dateReserved": "2024-01-03T00:41:24.597Z",
        "dateUpdated": "2025-06-17T21:29:29.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51761 (GCVE-0-2023-51761)

    Vulnerability from cvelistv5 – Published: 2024-02-09 03:41 – Updated: 2025-06-10 18:52
    VLAI
    Title
    Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication
    Summary
    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Emerson Rosemount GC370XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC700XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Emerson Rosemount GC1500XA Affected: 0 , ≤ Version 4.1.5 (custom)
    Create a notification for this product.
    Date Public
    2024-01-30 17:00
    Credits
    Vera Mens of Claroty Research reported these vulnerabilities to Emerson.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:11:47.314496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:48.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:48:11.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC370XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC700XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rosemount GC1500XA",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "Version 4.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Vera Mens of Claroty Research reported these vulnerabilities to Emerson."
            }
          ],
          "datePublic": "2024-01-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T18:52:34.491Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01"
            },
            {
              "url": "https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEmerson recommends end users update the affected products\u0027 firmware. For update information, contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eEmerson Tech Support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user\u0027s network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet. For more information, refer to the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson Security\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;web page.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Emerson recommends end users update the affected products\u0027 firmware. For update information, contact  Emerson Security https://www.emerson.com/en-us/support/security-notifications \u00a0web page."
            }
          ],
          "source": {
            "advisory": "ICSA-24-030-01",
            "discovery": "EXTERNAL"
          },
          "title": "Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-51761",
        "datePublished": "2024-02-09T03:41:37.457Z",
        "dateReserved": "2024-01-03T00:41:24.585Z",
        "dateUpdated": "2025-06-10T18:52:34.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202012-0641

    Vulnerability from variot - Updated: 2024-02-13 22:46

    Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. Rosemount X-STREAM Is Emerson It is a gas analyzer provided by the company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0641",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "x-stream enhanced xefd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "*"
          },
          {
            "model": "x-stream enhanced xegk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "*"
          },
          {
            "model": "x-stream enhanced xexf",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "*"
          },
          {
            "model": "x-stream enhanced xegp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "*"
          },
          {
            "model": "rosemount x-stream",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "\u9ad8\u6a5f\u80fd xefd \u3059\u3079\u3066"
          },
          {
            "model": "rosemount x-stream",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "\u9ad8\u6a5f\u80fd xegk \u3059\u3079\u3066"
          },
          {
            "model": "rosemount x-stream",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "\u9ad8\u6a5f\u80fd xegp \u3059\u3079\u3066"
          },
          {
            "model": "rosemount x-stream",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "\u9ad8\u6a5f\u80fd xexf \u3059\u3079\u3066"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xegp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xegp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xegk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xegk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xefd_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xefd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:x-stream_enhanced_xexf_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:x-stream_enhanced_xexf:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "cve": "CVE-2020-27254",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-27254",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010091",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-27254",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-010091",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-1306",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-27254",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-27254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF \u2013 all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. Rosemount X-STREAM Is Emerson It is a gas analyzer provided by the company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27254"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-352-01",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU97718282",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4480",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-27254",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-27254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "id": "VAR-202012-0641",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5654762
      },
      "last_update_date": "2024-02-13T22:46:27.376000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Emerson Cyber Security Notification Alert EMR.RMT20003-2",
            "trust": 0.8,
            "url": "https://www.emerson.com/documents/automation/xstream-notification-researcher-response-r1-en-7238504.pdf"
          },
          {
            "title": "X-STREAM enhanced XEGP Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137774"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27254"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97718282"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4480/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27254"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-27254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2020-27254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-12-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27254"
          },
          {
            "date": "2020-12-21T08:53:07",
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "date": "2020-12-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          },
          {
            "date": "2020-12-21T18:15:15.587000",
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-27254"
          },
          {
            "date": "2020-12-21T08:53:07",
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          },
          {
            "date": "2020-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          },
          {
            "date": "2020-12-22T19:30:44.013000",
            "db": "NVD",
            "id": "CVE-2020-27254"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Emerson Made  Rosemount X-STREAM Improper authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010091"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-1306"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202005-1060

    Vulnerability from variot - Updated: 2024-02-13 22:41

    Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise Is Emerson Provided by SCADA It is software. OpenEnterprise The following multiple vulnerabilities exist in. * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640The expected impact depends on each vulnerability, but it may be affected as follows. * Inadequate access permission settings for folders in the system, important configuration files being tampered with by a local third party, resulting in system failure or unexpected behavior - CVE-2020-10632 * By a local third party OpenEnterprise Get the password for your user account - CVE-2020-10636 * Arbitrary commands can be executed with system privileges or arbitrary code can be executed via a specific communication path by a remote third party. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric.

    There is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions for folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1060",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric openenterprise",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "\u003c=3.3.4"
          },
          {
            "model": "openenterprise scada server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "3.3.4"
          },
          {
            "model": "openenterprise",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "3.3.4 \u306e\u5168\u3066"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:emerson:openenterprise_scada_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.3.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Roman Lozko of Kaspersky",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-10632",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-32663",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "21189bd7-874f-4161-b42a-d22194346b1c",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "83abc14e-eb03-44cf-90b6-cea015740c6c",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-10632",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.0,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004589",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004589",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 10,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004589",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-10632",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2020-10632",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-004589",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-004589",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-004589",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-32663",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-953",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "21189bd7-874f-4161-b42a-d22194346b1c",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "83abc14e-eb03-44cf-90b6-cea015740c6c",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-10632",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. OpenEnterprise Is Emerson Provided by SCADA It is software. OpenEnterprise The following multiple vulnerabilities exist in. * Inappropriate ownership management (CWE-282) - CVE-2020-10632 * Insufficient cryptographic strength (CWE-326) - CVE-2020-10636 * Lack of authentication for important features (CWE-306) - CVE-2020-10640The expected impact depends on each vulnerability, but it may be affected as follows. * Inadequate access permission settings for folders in the system, important configuration files being tampered with by a local third party, resulting in system failure or unexpected behavior - CVE-2020-10632 * By a local third party OpenEnterprise Get the password for your user account - CVE-2020-10636 * Arbitrary commands can be executed with system privileges or arbitrary code can be executed via a specific communication path by a remote third party. - CVE-2020-10640. Emerson Electric OpenEnterprise is a set of data acquisition and monitoring system (SCADA) mainly used for remote oil and gas applications by Emerson Electric. \n\r\n\r\nThere is a security vulnerability in Emerson Electric OpenEnterprise 3.3.4 and earlier versions. The vulnerability results from the program setting unsafe permissions for folders. Attackers can use this vulnerability to modify important configuration files, causing system failures or anomalies. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10632"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10632",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-140-02",
            "trust": 3.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953",
            "trust": 1.0
          },
          {
            "db": "JVN",
            "id": "JVNVU92838573",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "46744",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "21189BD7-874F-4161-B42A-D22194346B1C",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "83ABC14E-EB03-44CF-90B6-CEA015740C6C",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10632",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "id": "VAR-202005-1060",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          }
        ],
        "trust": 1.8000000166666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:41:56.862000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Emerson SupportNet",
            "trust": 0.8,
            "url": "https://www3.emersonprocess.com/remote/support/v3/main.html"
          },
          {
            "title": "Patch for Emerson OpenEnterprise Rights Management Improper Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/221349"
          },
          {
            "title": "Emerson Electric OpenEnterprise Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119025"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-02"
          },
          {
            "trust": 1.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10640"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10632"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10636"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu92838573"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2020-10632/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/46744"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-10632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-19T00:00:00",
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "date": "2020-05-19T00:00:00",
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "date": "2020-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "date": "2022-02-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10632"
          },
          {
            "date": "2020-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "date": "2020-05-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          },
          {
            "date": "2022-02-24T19:15:08.543000",
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-32663"
          },
          {
            "date": "2022-03-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-10632"
          },
          {
            "date": "2020-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          },
          {
            "date": "2022-03-07T19:58:14.080000",
            "db": "NVD",
            "id": "CVE-2020-10632"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Emerson Made  OpenEnterprise Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004589"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "21189bd7-874f-4161-b42a-d22194346b1c"
          },
          {
            "db": "IVD",
            "id": "83abc14e-eb03-44cf-90b6-cea015740c6c"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-953"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-202206-2262

    Vulnerability from variot - Updated: 2024-02-13 22:30

    The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware, SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Multiple Emerson products, including firmware, contain vulnerabilities related to the use of hard-coded credentials.Information may be obtained. Emerson DeltaV Distributed Control System

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2262",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "se4003s2b4 16-pin mass i\\/o terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4017p0 h1 i\\/o interface card and terminl block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4017p1 h1 i\\/o card with integrated power",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4027 virtual i\\/o module 2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4026 virtual i\\/o module 2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "deltav distributed control system sq controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4037p0 h1 i\\/o interface card and terminl block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4101 simplex ethernet i\\/o card \\ assembly",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4039p0 redundant h1 4-port plus fieldbus i\\/o interface with terminalblock",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4100 simplex ethernet i\\/o card \\ assembly",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4037p1 redundant h1 i\\/o card with integrated power and terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4002s1t2b6 high side 40-pin mass i\\/o terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4052s1t2b6 high side 40-pin mass i\\/o terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4032s1t2b8 high side 40-pin do mass i\\/o terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "deltav distributed control system sx controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "ve4103 modbus tcp interface for ethernet connected i\\/o \\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "ve4106 opc-ua client for ethernet connected i\\/o \\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4019p0 simplex h1 4-port plus fieldbus i\\/o interface with terminalblock",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "ve4104 ethernet\\/ip control tag integration for ethernet connected i\\/o \\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "ve4107 iec 61850 mms interface for ethernet connected i\\/o \\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4082s1t2b8 high side 40-pin do mass i\\/o terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "ve4105 ethernet\\/ip interface for ethernet connected i\\/o \\",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4003s2b524-pin mass i\\/o terminal block",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4801t0x redundant wireless i\\/o card",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "2022-04-29"
          },
          {
            "model": "se4032s1t2b8 high side 40-pin do mass i/o terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4801t0x redundant wireless i/o card",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4003s2b4 16-pin mass i/o terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4003s2b524-pin mass i/o terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4017p1 h1 i/o card with integrated power",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4052s1t2b6 high side 40-pin mass i/o terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4039p0 redundant h1 4-port plus fieldbus i/o interface with terminalblock",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4101 simplex ethernet i/o card assembly",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4037p0 h1 i/o interface card and terminl block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4082s1t2b8 high side 40-pin do mass i/o terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4100 simplex ethernet i/o card assembly",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4037p1 redundant h1 i/o card with integrated power and terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4027 virtual i/o module 2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4019p0 simplex h1 4-port plus fieldbus i/o interface with terminalblock",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4017p0 h1 i/o card and terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "deltav distributed control system sx \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4026 virtual i/o module 2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "se4002s1t2b6 high side 40-pin mass i/o terminal block",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "deltav distributed control system sq \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "ve4103 modbus tcp interface for ethernet connected i/o",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:deltav_distributed_control_system_sq_controller_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:deltav_distributed_control_system_sq_controller:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:deltav_distributed_control_system_sx_controller_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:deltav_distributed_control_system_sx_controller:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4002s1t2b6_high_side_40-pin_mass_i\\/o_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4002s1t2b6_high_side_40-pin_mass_i\\/o_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4003s2b4_16-pin_mass_i\\/o_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4003s2b4_16-pin_mass_i\\/o_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4003s2b524-pin_mass_i\\/o_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4003s2b524-pin_mass_i\\/o_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4017p0_h1_i\\/o_interface_card_and_terminl_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4017p0_h1_i\\/o_interface_card_and_terminl_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4017p1_h1_i\\/o_card_with_integrated_power_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4017p1_h1_i\\/o_card_with_integrated_power:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\\/o_interface_with_terminalblock_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\\/o_interface_with_terminalblock:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4026_virtual_i\\/o_module_2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4026_virtual_i\\/o_module_2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4027_virtual_i\\/o_module_2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4027_virtual_i\\/o_module_2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4032s1t2b8_high_side_40-pin_do_mass_i\\/o_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4032s1t2b8_high_side_40-pin_do_mass_i\\/o_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4037p0_h1_i\\/o_interface_card_and_terminl_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4037p0_h1_i\\/o_interface_card_and_terminl_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4037p1_redundant_h1_i\\/o_card_with_integrated_power_and_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4037p1_redundant_h1_i\\/o_card_with_integrated_power_and_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4039p0_redundant_h1_4-port_plus_fieldbus_i\\/o_interface_with_terminalblock_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4039p0_redundant_h1_4-port_plus_fieldbus_i\\/o_interface_with_terminalblock:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4052s1t2b6_high_side_40-pin_mass_i\\/o_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4052s1t2b6_high_side_40-pin_mass_i\\/o_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4082s1t2b8_high_side_40-pin_do_mass_i\\/o_terminal_block_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4082s1t2b8_high_side_40-pin_do_mass_i\\/o_terminal_block:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4100_simplex_ethernet_i\\/o_card_\\(eioc\\)_assembly_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4100_simplex_ethernet_i\\/o_card_\\(eioc\\)_assembly:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4101_simplex_ethernet_i\\/o_card_\\(eioc\\)_assembly_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4101_simplex_ethernet_i\\/o_card_\\(eioc\\)_assembly:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\\/o_card_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\\/o_card:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:ve4103_modbus_tcp_interface_for_ethernet_connected_i\\/o_\\(eioc\\)_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:ve4103_modbus_tcp_interface_for_ethernet_connected_i\\/o_\\(eioc\\):-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:ve4104_ethernet\\/ip_control_tag_integration_for_ethernet_connected_i\\/o_\\(eioc\\)_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:ve4104_ethernet\\/ip_control_tag_integration_for_ethernet_connected_i\\/o_\\(eioc\\):-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:ve4105_ethernet\\/ip_interface_for_ethernet_connected_i\\/o_\\(eioc\\)_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:ve4105_ethernet\\/ip_interface_for_ethernet_connected_i\\/o_\\(eioc\\):-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:ve4106_opc-ua_client_for_ethernet_connected_i\\/o_\\(eioc\\)_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:ve4106_opc-ua_client_for_ethernet_connected_i\\/o_\\(eioc\\):-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:ve4107_iec_61850_mms_interface_for_ethernet_connected_i\\/o_\\(eioc\\)_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2022-04-29",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:ve4107_iec_61850_mms_interface_for_ethernet_connected_i\\/o_\\(eioc\\):-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-29964",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-29964",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-29964",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-2915",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware, SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Multiple Emerson products, including firmware, contain vulnerabilities related to the use of hard-coded credentials.Information may be obtained. Emerson DeltaV Distributed Control System",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29964"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-29964",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-181-03",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU92990931",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071112",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29964",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-29964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "id": "VAR-202206-2262",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-02-13T22:30:03.973000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Emerson DeltaV Distributed Control System Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=202538"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03"
          },
          {
            "trust": 2.4,
            "url": "https://www.forescout.com/blog/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92990931/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29964"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071112"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-29964/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-181-03"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-29964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-29964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "date": "2022-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          },
          {
            "date": "2022-07-26T22:15:11.140000",
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-10-13T04:55:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          },
          {
            "date": "2024-02-13T15:57:56.543000",
            "db": "NVD",
            "id": "CVE-2022-29964"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hardcoded Credentials Usage Vulnerability in Multiple Emerson Products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-017498"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2915"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0005

    Vulnerability from variot - Updated: 2024-02-13 01:59

    There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. Emerson Provides Emerson WirelessHART Gateway Contains improper access control vulnerabilities. Emerson WirelessHART Gateway Is Emerson It is an industrial wireless gateway device provided by

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0005",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wireless 1410 gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "4.6.43"
          },
          {
            "model": "wireless 1552wu gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "4.7.84"
          },
          {
            "model": "wireless 1420 gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "4.7.84"
          },
          {
            "model": "wireless 1552wu gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "4.6.43"
          },
          {
            "model": "wireless 1410 gateway",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "4.7.84"
          },
          {
            "model": "wireless 1420 gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "4.6.43"
          },
          {
            "model": "wireless 1410 gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "revision 4.6.43 \u304b\u3089 4.7.84"
          },
          {
            "model": "wireless 1420 gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "revision 4.6.43 \u304b\u3089 4.7.84"
          },
          {
            "model": "wireless 1552wu gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "emerson",
            "version": "4.6.43 \u304b\u3089 4.7.84"
          },
          {
            "model": "electric wireless gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "emerson",
            "version": "1410\u003e=4.6.43,\u003c=4.7.84"
          },
          {
            "model": "electric wireless gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "emerson",
            "version": "1420\u003e=4.6.43,\u003c=4.7.84"
          },
          {
            "model": "electric wireless 1552wu gateway",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "emerson",
            "version": "4.6.43,\u003c=4.7.84"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.7.84",
                        "versionStartIncluding": "4.6.43",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:wireless_1410_gateway:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.7.84",
                        "versionStartIncluding": "4.6.43",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:wireless_1552wu_gateway_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.7.84",
                        "versionStartIncluding": "4.6.43",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:wireless_1552wu_gateway:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "cve": "CVE-2020-12030",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-36949",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-12030",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 10,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-004483",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-12030",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2020-12030",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-004483",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-36949",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202005-800",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-12030",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "There is a flaw in the code used to configure the internal gateway firewall when the gateway\u0027s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. Emerson Provides Emerson WirelessHART Gateway Contains improper access control vulnerabilities. Emerson WirelessHART Gateway Is Emerson It is an industrial wireless gateway device provided by",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12030"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-135-02",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU94025006",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12030",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "id": "VAR-202109-0005",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          }
        ],
        "trust": 1.4333333499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          }
        ]
      },
      "last_update_date": "2024-02-13T01:59:48.514000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "emerson Wireless 1410 Gateway",
            "trust": 0.8,
            "url": "https://www.emerson.com/en-br/catalog/emerson-sku-1410-wireless-gateway"
          },
          {
            "title": "Patch for Multiple Emerson Electric products access control error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/225029"
          },
          {
            "title": "Multiple Emerson Electric Product access control error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118753"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-135-02"
          },
          {
            "trust": 1.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12030"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu94025006"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12030"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-12030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12030"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "date": "2020-05-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          },
          {
            "date": "2021-09-29T20:15:07.870000",
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-36949"
          },
          {
            "date": "2022-07-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-12030"
          },
          {
            "date": "2020-05-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          },
          {
            "date": "2022-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          },
          {
            "date": "2022-07-08T18:20:47.457000",
            "db": "NVD",
            "id": "CVE-2020-12030"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Emerson WirelessHART Gateway Improper access control vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-004483"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202005-800"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0850

    Vulnerability from variot - Updated: 2023-12-18 14:05

    An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily. EmersonSE4801T0XRedundantWirelessI/OCard and SE4801T1XSimplexWirelessI/OCard are wireless I/O cards from Emerson Electric, Inc., which are used to connect workstations and servers in DeltaV (software for process control) networks. A security vulnerability exists in EmersonSE4801T0XRedundantWirelessI/OCardV13.3 and SE4801T1XSimplexWirelessI/OCardV13.3. A remote attacker could exploit the vulnerability to access the device's file system by using an open port. Multiple Emerson products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0850",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "se4801t1x simplex wireless i/o card",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "emerson",
            "version": "13.3"
          },
          {
            "model": "se4801t0x redundant wireless i/o card",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "emerson",
            "version": "13.3"
          },
          {
            "model": "se4801t1x simplex wireless i\\/o card",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "emerson",
            "version": "13.3"
          },
          {
            "model": "se4801t0x redundant wireless i\\/o card",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "emerson",
            "version": "13.3"
          },
          {
            "model": "se4801t0x redundant wireless i/o card",
            "scope": null,
            "trust": 0.8,
            "vendor": "emerson",
            "version": null
          },
          {
            "model": "se4801t1x simplex wireless i/o card",
            "scope": null,
            "trust": 0.8,
            "vendor": "emerson",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "se4801t0x redundant i o card",
            "version": "13.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "se4801t1x simplex i o card",
            "version": "13.3"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "BID",
            "id": "94586"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\\/o_card_firmware:13.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\\/o_card:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:emerson:se4801t1x_simplex_wireless_i\\/o_card_firmware:13.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:emerson:se4801t1x_simplex_wireless_i\\/o_card:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "94586"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-9347",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-9347",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "CNVD-2016-11896",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "VHN-98167",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 5.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.6,
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 5.0,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-9347",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-9347",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-11896",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-705",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-98167",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily. EmersonSE4801T0XRedundantWirelessI/OCard and SE4801T1XSimplexWirelessI/OCard are wireless I/O cards from Emerson Electric, Inc., which are used to connect workstations and servers in DeltaV (software for process control) networks. A security vulnerability exists in EmersonSE4801T0XRedundantWirelessI/OCardV13.3 and SE4801T1XSimplexWirelessI/OCardV13.3. A remote attacker could exploit the vulnerability to access the device\u0027s file system by using an open port. Multiple Emerson products are prone to a security-bypass vulnerability. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "BID",
            "id": "94586"
          },
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9347",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-334-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "94586",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "A3B16A9F-D6C5-455D-B34F-EA13CB0F0B9B",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "db": "BID",
            "id": "94586"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "id": "VAR-201702-0850",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          }
        ],
        "trust": 1.5666666999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:05:51.071000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
            "trust": 0.8,
            "url": "http://www.emerson.co.jp/div/epm/product5_1.html"
          },
          {
            "title": "Patches for multiple Emerson product security bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/85021"
          },
          {
            "title": "Emerson SE4801T0X Redundant Wireless I/O Card  and SE4801T1X Simplex Wireless I/O Card Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65972"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-254",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-334-03"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/94586"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9347"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9347"
          },
          {
            "trust": 0.3,
            "url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "db": "BID",
            "id": "94586"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "db": "BID",
            "id": "94586"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-06T00:00:00",
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "date": "2016-12-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "BID",
            "id": "94586"
          },
          {
            "date": "2017-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "date": "2017-02-13T21:59:01.830000",
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-11896"
          },
          {
            "date": "2017-03-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-98167"
          },
          {
            "date": "2016-12-20T00:04:00",
            "db": "BID",
            "id": "94586"
          },
          {
            "date": "2017-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          },
          {
            "date": "2017-03-13T16:52:21.450000",
            "db": "NVD",
            "id": "CVE-2016-9347"
          },
          {
            "date": "2016-12-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Emerson SE4801T0X Redundant and  SE4801T1X Simplex Wireless I/O Card In the firmware  SSH Vulnerabilities whose features are unnecessarily enabled",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007965"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "a3b16a9f-d6c5-455d-b34f-ea13cb0f0b9b"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-705"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202107-0947

    Vulnerability from variot - Updated: 2023-12-18 14:04

    Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0947",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proficy machine edition",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "emerson",
            "version": "8.0"
          },
          {
            "model": "proficy machine edition",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": null
          },
          {
            "model": "proficy machine edition",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a8\u30de\u30bd\u30f3",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:emerson:proficy_machine_edition:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          }
        ]
      },
      "cve": "CVE-2021-29298",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.6,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 4.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-29298",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-29298",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-29298",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2207",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-29298",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29298"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component \"FrameworX.exe\"in the module \"fxVPStatcTcp.dll\"",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-29298"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-29298",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-29298",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29298"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "id": "VAR-202107-0947",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2023-12-18T14:04:19.415000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "top page",
            "trust": 0.8,
            "url": "https://www.emerson.co.jp/ja-jp"
          },
          {
            "title": "Emerson GE Automation Proficy Machine Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159184"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://github.com/boofish/ge_proficy_machine_edition_vul"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/boofish/ge_proficy_machine_edition_vul/blob/main/vul2/vul2_steps.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29298"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29298"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-29298"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-29298"
          },
          {
            "date": "2022-06-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "date": "2021-07-30T19:15:09.177000",
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "date": "2021-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-29298"
          },
          {
            "date": "2022-06-29T07:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          },
          {
            "date": "2021-08-09T18:49:27.460000",
            "db": "NVD",
            "id": "CVE-2021-29298"
          },
          {
            "date": "2021-08-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Emerson\u00a0GE\u00a0Automation\u00a0Proficy\u00a0Machine\u00a0Edition\u00a0 Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-010362"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2207"
          }
        ],
        "trust": 0.6
      }
    }