Skip to main content

Deltav Distributed Control System Sq Controller Firmware CVE-2022-29964

MEDIUM
Use of Hard-coded Credentials (CWE-798)
2022-07-26 cve@mitre.org
Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware Se4003S2B524 Pin Mass I O Terminal Block Firmware Se4017P0 H1 I O Interface Card And Terminl Block Firmware Se4017P1 H1 I O Card With Integrated Power Firmware Se4019P0 Simplex H1 4 Port Plus Fieldbus I O Interface With Terminalblock Firmware Se4026 Virtual I O Module 2 Firmware Se4027 Virtual I O Module 2 Firmware Se4032S1T2B8 High Side 40 Pin Do Mass I O Terminal Block Firmware Se4037P0 H1 I O Interface Card And Terminl Block Firmware Se4037P1 Redundant H1 I O Card With Integrated Power And Terminal Block Firmware Se4039P0 Redundant H1 4 Port Plus Fieldbus I O Interface With Terminalblock Firmware Se4052S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4082S1T2B8 High Side 40 Pin Do Mass I O Terminal Block Firmware Se4100 Simplex Ethernet I O Card Eioc Assembly Firmware Se4101 Simplex Ethernet I O Card Eioc Assembly Firmware Se4801T0X Redundant Wireless I O Card Firmware Ve4103 Modbus Tcp Interface For Ethernet Connected I O Eioc Firmware Ve4104 Ethernet Ip Control Tag Integration For Ethernet Connected I O Eioc Firmware Ve4105 Ethernet Ip Interface For Ethernet Connected I O Eioc Firmware Ve4106 Opc Ua Client For Ethernet Connected I O Eioc Firmware Ve4107 Iec 61850 Mms Interface For Ethernet Connected I O Eioc Firmware
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 26, 2022 - 22:15 nvd
MEDIUM 5.5

DescriptionNVD

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350.

AnalysisAI

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. Affected products include: Emerson Deltav Distributed Control System Sq Controller Firmware, Emerson Deltav Distributed Control System Sx Controller Firmware, Emerson Se4002S1T2B6 High Side 40-Pin Mass I\/O Terminal Block Firmware, Emerson Se4003S2B4 16-Pin Mass I\/O Terminal Block Firmware, Emerson Se4003S2B524-Pin Mass I\/O Terminal Block Firmware. Version information: through 2022.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

Share

CVE-2022-29964 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy