Vulnerabilities related to Emerson - DeltaV
var-201206-0260
Vulnerability from variot
Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications:
* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1
* DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
var-201206-0258
Vulnerability from variot
SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple Emerson Electric DeltaV products do not correctly filter user-submitted input, and an attacker can exploit this for SQL injection attacks to obtain database information or control applications. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications:
* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1
* DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
var-201303-0017
Vulnerability from variot
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson DeltaV is a distributed control system. It has a security hole in its handling of certain messages that allows an attacker to restart the controller, causing a denial of service. Emerson DeltaV is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users.
The following are vulnerable:
* DeltaV SE3006 SD Plus Controller versions 11.3.1 and prior
* DeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior
* DeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior
* DeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior
* DeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0017", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav se3006 sd plus controller", "scope": "lte", "trust": 1.8, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav ve3005 controller md", "scope": "lte", "trust": 1.0, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav ve3005 
controller md", "scope": "lte", "trust": 1.0, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav ve3006 controller md plus", "scope": "lte", "trust": 1.0, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav ve3006 controller md plus", "scope": "lte", "trust": 1.0, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav ve3005 controller md hardware", "scope": "lte", "trust": 0.8, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav ve3005 controller md hardware", "scope": "lte", "trust": 0.8, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav ve3006 controller md plus hardware", "scope": "lte", "trust": 0.8, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav ve3006 controller md plus hardware", "scope": "lte", "trust": 0.8, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.x" }, { "model": "deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "10.x" }, { "model": "deltav ve3006 controller md plus", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav ve3006 controller md plus", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav se3006 sd plus controller", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav ve3005 controller md", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav ve3005 controller md", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "deltav ve3005 controller md", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "deltav ve3006 controller md plus", "version": "*" }, { "model": "electric co deltav ve3006 controller md plus hardware", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "11.3.1" }, { "model": "electric co 
deltav ve3006 controller md plus hardware", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "10.3.1" }, { "model": "electric co deltav ve3005 controller md hardware", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "11.3.1" }, { "model": "electric co deltav ve3005 controller md hardware", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "10.3.1" }, { "model": "electric co deltav se3006 sd plus controller", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav se3006 sd plus controller", "version": "*" } ], "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "BID", "id": "58366" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "CNNVD", "id": "CNNVD-201303-143" }, { "db": "NVD", "id": "CVE-2012-4703" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav_se3006_sd_plus_controller", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_ve3005_controller_md", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_ve3006_controller_md_plus", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001866" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Joel Langill", "sources": [ { "db": "BID", "id": "58366" } ], "trust": 0.3 }, "cve": "CVE-2012-4703", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" 
}, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CVE-2012-4703", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "0dba175e-2353-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-4703", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-4703", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201303-143", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "CNNVD", "id": "CNNVD-201303-143" }, { "db": "NVD", "id": "CVE-2012-4703" } ] }, "description": { "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson Deltav is a distributed control system. Emerson Deltav has a security hole in handling certain messages. Allows an attacker to exploit the vulnerability to restart the controller, causing a denial of service attack. Emerson DeltaV is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users. \nThe following are vulnerable:\nDeltaV SE3006 SD Plus Controller versions 11.3.1 and prior\nDeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior\nDeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior\nDeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior\nDeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior", "sources": [ { "db": "NVD", "id": "CVE-2012-4703" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "BID", "id": "58366" }, { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-4703", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-13-053-01", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2013-01690", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201303-143", "trust": 0.8 }, { "db": 
"JVNDB", "id": "JVNDB-2013-001866", "trust": 0.8 }, { "db": "SECUNIA", "id": "52486", "trust": 0.6 }, { "db": "BID", "id": "58366", "trust": 0.3 }, { "db": "IVD", "id": "0DBA175E-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "BID", "id": "58366" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "CNNVD", "id": "CNNVD-201303-143" }, { "db": "NVD", "id": "CVE-2012-4703" } ] }, "id": "VAR-201303-0017", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01690" } ], "trust": 1.68461536 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01690" } ] }, "last_update_date": "2024-11-23T22:27:29.338000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.emerson.com/en-US/Pages/default.aspx" }, { "title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.emerson.co.jp/index.html" }, { "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", "trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" 
}, { "title": "Emerson DeltaV denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/32712" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "NVD", "id": "CVE-2012-4703" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "http://ics-cert.us-cert.gov/pdf/icsa-13-053-01.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4703" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4703" }, { "trust": 0.6, "url": "http://secunia.com/advisories/52486" }, { "trust": 0.3, "url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "BID", "id": "58366" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "CNNVD", "id": "CNNVD-201303-143" }, { "db": "NVD", "id": "CVE-2012-4703" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "BID", "id": "58366" }, { "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "db": "CNNVD", "id": "CNNVD-201303-143" }, { "db": "NVD", "id": "CVE-2012-4703" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-11T00:00:00", "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "date": "2013-03-11T00:00:00", "db": "CNVD", "id": "CNVD-2013-01690" }, { "date": "2013-03-06T00:00:00", "db": "BID", "id": "58366" }, { "date": "2013-03-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "date": "2013-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201303-143" }, { "date": "2013-03-11T21:55:02.417000", "db": "NVD", "id": "CVE-2012-4703" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-11T00:00:00", "db": "CNVD", "id": "CNVD-2013-01690" }, { "date": "2013-03-06T00:00:00", "db": "BID", "id": "58366" }, { "date": "2013-03-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-001866" }, { "date": "2013-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201303-143" }, { "date": "2024-11-21T01:43:23.120000", "db": "NVD", "id": "CVE-2012-4703" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201303-143" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV Denial of service vulnerability", "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-01690" }, { "db": "CNNVD", "id": "CNNVD-201303-143" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "Resource management error", "sources": [ { "db": "IVD", "id": "0dba175e-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201303-143" } ], "trust": 0.8 } }
var-201206-0257
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple Emerson Electric DeltaV products contain cross-site scripting vulnerabilities that allow an attacker to build a malicious web page, entice a user to open it, and obtain sensitive information or hijack the user's session. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications:
* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1
* DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0257", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav proessentials scientific graph", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "5.0.0.6" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": 
"emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "9" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "11" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "electric co deltav proessentials scientific graph", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "5" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "11" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "9" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v10.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v11.3 and v11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v9.3.1" }, { "model": "deltav proessentials scientific graph", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v5.0.0.6" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v10.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, 
"vendor": "emerson", "version": "v11.3 and v11.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav proessentials scientific graph", "version": "5.0.0.6" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "11.3.1" } ], "sources": [ { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2636" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "CNNVD", "id": "CNNVD-201205-318" }, { "db": "NVD", "id": "CVE-2012-1814" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_workstation", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002653" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kuang-Chun Hung of Security Research and Service Institute.", "sources": [ { "db": "BID", "id": "53591" } ], "trust": 0.3 }, "cve": "CVE-2012-1814", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2012-1814", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "c52838a8-2353-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1814", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-1814", "trust": 0.8, "value": "Medium" }, { 
"author": "CNNVD", "id": "CNNVD-201205-318", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "CNNVD", "id": "CNNVD-201205-318" }, { "db": "NVD", "id": "CVE-2012-1814" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. There are cross-site scripting vulnerabilities in multiple Emerson Electric DeltaV products that allow an attacker to exploit a vulnerability to build a malicious web page, entice a user to resolve, obtain sensitive information, or hijack a user session. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. 
----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. 
\n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n3) An error within PORTSERV.exe can be exploited to cause a crash via\na specially crafted packet sent to TCP or UDP port 111. \n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-1814" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "CNVD", "id": "CNVD-2012-2636" }, { "db": "BID", "id": "53591" }, { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "112840" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1814", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-12-138-01", "trust": 2.7 }, { "db": "SECUNIA", "id": "49210", "trust": 1.8 }, { "db": "BID", "id": "53591", "trust": 1.3 }, { "db": "OSVDB", "id": "81996", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2012-2636", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201205-318", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002653", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-137-01", "trust": 0.7 }, { "db": "NSFOCUS", "id": "19718", "trust": 0.6 }, { "db": "IVD", "id": "C52838A8-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "112840", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": 
"c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2636" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-318" }, { "db": "NVD", "id": "CVE-2012-1814" } ] }, "id": "VAR-201206-0257", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2636" } ], "trust": 1.6067765666666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2636" } ] }, "last_update_date": "2024-11-23T21:46:19.386000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV Workstation Hardware", "trust": 0.8, "url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.emerson.com/en-US/Pages/default.aspx" }, { "title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.emerson.co.jp/index.html" }, { "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", "trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" }, { "title": "Patch for 
cross-site scripting vulnerabilities in multiple DeltaV products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/23443" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-2636" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "NVD", "id": "CVE-2012-1814" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf" }, { "trust": 1.6, "url": "http://secunia.com/advisories/49210" }, { "trust": 1.0, "url": "http://osvdb.org/81996" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/53591" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1814" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1814" }, { "trust": 0.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19718" }, { "trust": 0.3, "url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49210/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49210/#comments" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-2636" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-318" }, { "db": "NVD", "id": "CVE-2012-1814" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2636" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-318" }, { "db": "NVD", "id": "CVE-2012-1814" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-21T00:00:00", "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "date": "2012-05-21T00:00:00", "db": "CNVD", "id": "CNVD-2012-2636" }, { "date": "2012-05-16T00:00:00", "db": "BID", "id": "53591" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "date": "2012-05-18T06:07:17", "db": "PACKETSTORM", "id": "112840" }, { "date": "2012-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-318" }, { "date": "2012-06-08T18:55:01.503000", "db": "NVD", "id": "CVE-2012-1814" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-21T00:00:00", 
"db": "CNVD", "id": "CNVD-2012-2636" }, { "date": "2012-05-30T22:50:00", "db": "BID", "id": "53591" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002653" }, { "date": "2012-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-318" }, { "date": "2024-11-21T01:37:49.990000", "db": "NVD", "id": "CVE-2012-1814" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-318" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "DeltaV Multiple Product Cross-Site Scripting Vulnerability", "sources": [ { "db": "IVD", "id": "c52838a8-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2636" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-318" } ], "trust": 0.6 } }
var-201808-0381
Vulnerability from variot
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. Emerson DeltaV DCS contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric DeltaV. 1. An arbitrary-code-execution vulnerability 2. Multiple security-bypass vulnerabilities 3. A stack-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0381", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 2.1, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.1, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.1, "vendor": "emerson", "version":
"12.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.8, "vendor": "emerson", "version": "13.3.0" }, { "model": "deltav", "scope": "eq", "trust": 1.8, "vendor": "emerson", "version": "r5" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v11.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v12.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.0" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.1" }, { "model": "electric deltav r5", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "13.3.0" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "r5" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "12.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "13.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "13.3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "13.3.1" }, { "model": "r5", "scope": null, "trust": 0.2, "vendor": "deltav distributed control system", "version": null } ], "sources": [ { 
"db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "CNNVD", "id": "CNNVD-201808-562" }, { "db": "NVD", "id": "CVE-2018-14797" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009508" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-562" } ], "trust": 0.6 }, "cve": "CVE-2018-14797", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 8.6, "id": "CVE-2018-14797", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2018-15735", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "e2f88740-39ab-11e9-99de-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-14797", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-14797", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": 
"CVE-2018-14797", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-14797", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-15735", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201808-562", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "CNNVD", "id": "CNNVD-201808-562" }, { "db": "NVD", "id": "CVE-2018-14797" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. Emerson DeltaV DCS Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric Deltav. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A stack-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. 
Failed exploit attempts will likely result in denial of service conditions", "sources": [ { "db": "NVD", "id": "CVE-2018-14797" }, { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "BID", "id": "105105" }, { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14797", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-18-228-01", "trust": 3.3 }, { "db": "BID", "id": "105105", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2018-15735", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-562", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-009508", "trust": 0.8 }, { "db": "IVD", "id": "E2F88740-39AB-11E9-99DE-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "CNNVD", "id": "CNNVD-201808-562" }, { "db": "NVD", "id": "CVE-2018-14797" } ] }, "id": "VAR-201808-0381", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" } ], "trust": 1.7423076800000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": 
"e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" } ] }, "last_update_date": "2024-11-23T21:52:56.244000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV", "trust": 0.8, "url": "https://www.emerson.com/en-us/automation/deltav" }, { "title": "Emerson Electric Deltav Uncontrolled Search Path Element Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/138019" }, { "title": "Emerson Electric Deltav Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84150" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "CNNVD", "id": "CNNVD-201808-562" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-427", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "NVD", "id": "CVE-2018-14797" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105105" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14797" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14797" }, { "trust": 0.3, "url": "http://emerson.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": 
"JVNDB-2018-009508" }, { "db": "CNNVD", "id": "CNNVD-201808-562" }, { "db": "NVD", "id": "CVE-2018-14797" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "db": "CNNVD", "id": "CNNVD-201808-562" }, { "db": "NVD", "id": "CVE-2018-14797" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "date": "2018-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2018-15735" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-562" }, { "date": "2018-08-23T19:29:01.017000", "db": "NVD", "id": "CVE-2018-14797" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2018-15735" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009508" }, { "date": "2022-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-562" }, { "date": "2024-11-21T03:49:48.897000", "db": "NVD", "id": "CVE-2018-14797" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-562" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson Electric Deltav Uncontrolled Search Path Element Vulnerability", "sources": [ { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15735" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "e2f88740-39ab-11e9-99de-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201808-562" } ], "trust": 0.8 } }
var-201808-0379
Vulnerability from variot
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow exploit through an open communication port, allowing arbitrary code execution. DeltaV contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A stack buffer overflow vulnerability exists in Emerson Electric DeltaV. Emerson DeltaV is prone to the following multiple security vulnerabilities: 1. An arbitrary-code-execution vulnerability 2. Multiple security-bypass vulnerabilities 3. Failed exploit attempts will likely result in denial-of-service conditions.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0379", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version":
"12.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.4, "vendor": "emerson", "version": "13.3.0" }, { "model": "deltav", "scope": "eq", "trust": 2.4, "vendor": "emerson", "version": "r5" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v11.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v12.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.0" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.1" }, { "model": "electric deltav r5", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null }, { "model": "deltav", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "13.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "13.3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "13.3.1" }, { "model": "r5", "scope": null, "trust": 0.2, "vendor": "deltav", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNNVD", "id": "CNNVD-201808-565" }, { "db": "NVD", "id": "CVE-2018-14793" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009188" } ] }, 
"credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-565" } ], "trust": 0.6 }, "cve": "CVE-2018-14793", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "CVE-2018-14793", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2018-15738", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", 
"baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2018-14793", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-14793", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-14793", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-15738", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201808-565", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNNVD", "id": "CNNVD-201808-565" }, { "db": "NVD", "id": "CVE-2018-14793" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. 
DeltaV Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A stack buffer overflow vulnerability exists in Emerson Electric Deltav. Emerson DeltaV is prone to the following multiple security vulnerabilities:\n1. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. Failed exploit attempts will likely result in denial of service conditions", "sources": [ { "db": "NVD", "id": "CVE-2018-14793" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "BID", "id": "105105" }, { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14793", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-18-228-01", "trust": 3.3 }, { "db": "BID", "id": "105105", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2018-15738", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-565", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-009188", "trust": 0.8 }, { "db": "IVD", "id": "E2F7EB01-39AB-11E9-8366-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNNVD", "id": "CNNVD-201808-565" }, { "db": "NVD", "id": "CVE-2018-14793" } ] }, "id": "VAR-201808-0379", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" } ], "trust": 1.7423076800000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" } ] }, "last_update_date": "2024-11-23T21:52:56.207000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "https://www.emerson.co.jp/ja-jp" }, { "title": "Emerson Electric DeltaV Stack Buffer Overflow Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/138027" }, { "title": "Emerson Electric DeltaV Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84153" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNNVD", "id": "CNNVD-201808-565" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "NVD", "id": "CVE-2018-14793" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105105" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14793" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14793" }, { "trust": 0.3, "url": "http://emerson.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNNVD", "id": "CNNVD-201808-565" }, { "db": "NVD", "id": "CVE-2018-14793" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "db": "CNNVD", "id": "CNNVD-201808-565" }, { "db": "NVD", "id": "CVE-2018-14793" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "date": "2018-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2018-15738" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-565" }, { "date": "2018-08-21T14:29:00.983000", "db": "NVD", "id": "CVE-2018-14793" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": 
"CNVD", "id": "CNVD-2018-15738" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009188" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-565" }, { "date": "2024-11-21T03:49:48.380000", "db": "NVD", "id": "CVE-2018-14793" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-565" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson Electric DeltaV Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15738" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "e2f7eb01-39ab-11e9-8366-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201808-565" } ], "trust": 0.8 } }
var-201405-0280
Vulnerability from variot
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. Emerson AMS Device Management and Emerson AMS Wireless SNAP-ON can also be related.
CVE-2014-2349 - World writable system folder
CVE-2014-2350 - Hardcoded credentials
Please find fixes in KBA NK-1400-0031.
Kudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov
http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0280", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version":
"11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": "12.3" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "12.3" } ], "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "BID", "id": "67594" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "CNNVD", "id": "CNNVD-201405-452" }, { "db": "NVD", "id": "CVE-2014-2349" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002622" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov.", "sources": [ { "db": "BID", "id": "67594" } ], "trust": 0.3 }, "cve": "CVE-2014-2349", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2014-2349", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "NONE", "exploitabilityScore": 3.1, "id": "CNVD-2014-03277", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "NONE", "exploitabilityScore": 3.1, "id": "7d70cfde-463f-11e9-83b6-000c29342cb1", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "NONE", "exploitabilityScore": 3.1, "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C", "version": "2.9 
[IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "NONE", "exploitabilityScore": 3.1, "id": "f732f984-2351-11e6-abef-000c29c66e3d", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2349", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2349", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-03277", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201405-452", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "CNNVD", "id": "CNNVD-201405-452" }, { "db": "NVD", "id": "CVE-2014-2349" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. 
Emerson DeltaV has a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nEmerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3\nCan be related to Emerson AMS Device Management version, Emerson AMS\nWireless SNAP-ON also. \n\nCVE-2014-2349 - World writable system folder\nCVE-2014-2350 - Hardcoded credentials\n\nPlease find fixes in KBA NK-1400-0031. \n\nKudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov\nand Timur Yunusov\n\n\nhttp://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2014-2349" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "BID", "id": "67594" }, { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "126810" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2349", "trust": 4.0 }, { "db": "ICS CERT", "id": "ICSA-14-133-02", "trust": 3.3 }, { "db": "CNVD", "id": "CNVD-2014-03277", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201405-452", "trust": 1.2 }, { "db": "BID", "id": "67594", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2014-002622", "trust": 0.8 }, { "db": "OSVDB", "id": "107278", "trust": 0.6 }, { "db": "IVD", "id": "7D70CFDE-463F-11E9-83B6-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "EA6FA934-1ED5-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": 
"F732F984-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "126810", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "BID", "id": "67594" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "PACKETSTORM", "id": "126810" }, { "db": "CNNVD", "id": "CNNVD-201405-452" }, { "db": "NVD", "id": "CVE-2014-2349" } ] }, "id": "VAR-201405-0280", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-03277" } ], "trust": 0.12 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-03277" } ] }, "last_update_date": "2024-11-23T23:02:49.189000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", 
"trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" }, { "title": "Emerson DeltaV \u0027\\\\DeltaV\u0027 directory authorizes security to bypass vulnerability patches", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/45902" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "NVD", "id": "CVE-2014-2349" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2349" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2349" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/107278" }, { "trust": 0.3, "url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx" }, { "trust": 0.3, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02#footnotee_tgc3i2k" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2350" }, { "trust": 0.1, "url": "http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2349" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "BID", "id": "67594" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "PACKETSTORM", "id": "126810" }, { "db": "CNNVD", "id": 
"CNNVD-201405-452" }, { "db": "NVD", "id": "CVE-2014-2349" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-03277" }, { "db": "BID", "id": "67594" }, { "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "db": "PACKETSTORM", "id": "126810" }, { "db": "CNNVD", "id": "CNNVD-201405-452" }, { "db": "NVD", "id": "CVE-2014-2349" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-27T00:00:00", "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "date": "2014-05-27T00:00:00", "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "date": "2014-05-27T00:00:00", "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-05-27T00:00:00", "db": "CNVD", "id": "CNVD-2014-03277" }, { "date": "2014-05-22T00:00:00", "db": "BID", "id": "67594" }, { "date": "2014-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "date": "2014-05-27T04:44:44", "db": "PACKETSTORM", "id": "126810" }, { "date": "2014-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-452" }, { "date": "2014-05-22T20:55:06.377000", "db": "NVD", "id": "CVE-2014-2349" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-27T00:00:00", "db": "CNVD", "id": "CNVD-2014-03277" }, { "date": "2014-05-22T00:00:00", "db": "BID", "id": "67594" }, { "date": "2014-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002622" }, { "date": "2014-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-452" }, { "date": "2024-11-21T02:06:07.730000", "db": "NVD", 
"id": "CVE-2014-2349" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "67594" }, { "db": "CNNVD", "id": "CNNVD-201405-452" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV \u0027\\DeltaV\u0027 Directory Authorization Security Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" }, { "db": "BID", "id": "67594" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Permission permission and access control", "sources": [ { "db": "IVD", "id": "7d70cfde-463f-11e9-83b6-000c29342cb1" }, { "db": "IVD", "id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f732f984-2351-11e6-abef-000c29c66e3d" } ], "trust": 0.6 } }
var-201210-0173
Vulnerability from variot
Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. Emerson DeltaV is a digital engineering control system developed by Emerson. Emerson DeltaV failed to properly filter the input in the project file, and illegal information in some fields can crash the program or be used to execute arbitrary code. Emerson DeltaV is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to cause a crash, denying service to legitimate users. Emerson DeltaV 9.3.1, 10.3.1, 11.3, and 11.3.1 are vulnerable.
TITLE: Emerson DeltaV Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA50823
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50823
RELEASE DATE: 2012-10-01
DESCRIPTION: A vulnerability has been reported in DeltaV, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a buffer overflow and crash the application.
The vulnerability is reported in versions 9.3.1, 10.3.1, 11.3, and 11.3.1.
SOLUTION: Reportedly a hotfix has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201210-0173", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 2.4, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3" }, { "model": "deltav", 
"scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "10.3 to 11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3.1" } ], "sources": [ { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-5529" }, { "db": "BID", "id": "55719" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "CNNVD", "id": "CNNVD-201209-727" }, { "db": "NVD", "id": "CVE-2012-3035" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004667" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kuang-Chun Hung of the Security Research and Service Institute-Information and Communication Security Technology Center (ICST)", "sources": [ { "db": "CNNVD", "id": "CNNVD-201209-727" } ], "trust": 0.6 }, "cve": "CVE-2012-3035", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-3035", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "565409ac-2353-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-3035", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-3035", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201209-727", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "CNNVD", "id": "CNNVD-201209-727" }, { "db": "NVD", "id": "CVE-2012-3035" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. Emerson DeltaV is a digital engineering control system developed by Emerson. Emerson DeltaV failed to properly filter the input in the project file, and illegal information in some fields can crash the program or be used to execute arbitrary code. Emerson DeltaV is prone to a buffer-overflow vulnerability. \nAn attacker can exploit this issue to cause a crash, denying service to legitimate users. \nEmerson DeltaV 9.3.1, 10.3.1, 11.3, and 11.3.1 are vulnerable. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nEmerson DeltaV Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50823\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50823/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50823\n\nRELEASE DATE:\n2012-10-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50823/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50823/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50823\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in DeltaV, which can be exploited\nby malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error when processing certain\npackets and can be exploited to cause a buffer overflow and crash the\napplication. \n\nThe vulnerability is reported in versions 9.3.1, 10.3.1, 11.3, and\n11.3.1. \n\nSOLUTION:\nReportedly a hotfix has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-3035" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "CNVD", "id": "CNVD-2012-5529" }, { "db": "BID", "id": "55719" }, { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "117029" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-3035", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-12-265-01", "trust": 1.9 }, { "db": "BID", "id": "55719", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2012-5529", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201209-727", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-004667", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-138-01", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47144", "trust": 0.6 }, { "db": "IVD", "id": "565409AC-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "50823", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "117029", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-5529" }, { "db": "BID", "id": "55719" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "PACKETSTORM", "id": "117029" }, { "db": "CNNVD", "id": "CNNVD-201209-727" }, { "db": "NVD", "id": "CVE-2012-3035" } ] }, "id": "VAR-201210-0173", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-5529" } ], "trust": 1.68461536 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-5529" } ] }, "last_update_date": "2024-11-23T21:46:19.471000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.emerson.com/en-US/Pages/default.aspx" }, { "title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.emerson.co.jp/index.html" }, { "title": "Patch for Emerson DeltaV Buffer Overflow Vulnerability (CNVD-2012-5529)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/23449" }, { "title": "Emerson DeltaV Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123573" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-5529" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "CNNVD", "id": "CNNVD-201209-727" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "NVD", "id": "CVE-2012-3035" } ] }, 
"references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-265-01.pdf" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/55719" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3035" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3035" }, { "trust": 0.6, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47144" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50823" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50823/" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50823/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-5529" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "PACKETSTORM", "id": "117029" }, { "db": "CNNVD", "id": "CNNVD-201209-727" }, { "db": "NVD", "id": "CVE-2012-3035" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, 
"data": [ { "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-5529" }, { "db": "BID", "id": "55719" }, { "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "db": "PACKETSTORM", "id": "117029" }, { "db": "CNNVD", "id": "CNNVD-201209-727" }, { "db": "NVD", "id": "CVE-2012-3035" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-10-08T00:00:00", "db": "IVD", "id": "565409ac-2353-11e6-abef-000c29c66e3d" }, { "date": "2012-10-08T00:00:00", "db": "CNVD", "id": "CNVD-2012-5529" }, { "date": "2012-09-28T00:00:00", "db": "BID", "id": "55719" }, { "date": "2012-10-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "date": "2012-10-01T06:11:44", "db": "PACKETSTORM", "id": "117029" }, { "date": "2012-09-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201209-727" }, { "date": "2012-10-01T18:55:00.923000", "db": "NVD", "id": "CVE-2012-3035" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-10-08T00:00:00", "db": "CNVD", "id": "CNVD-2012-5529" }, { "date": "2012-09-28T00:00:00", "db": "BID", "id": "55719" }, { "date": "2012-10-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-004667" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201209-727" }, { "date": "2024-11-21T01:40:09.467000", "db": "NVD", "id": "CVE-2012-3035" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201209-727" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "Emerson DeltaV Vulnerable to buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004667" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201209-727" } ], "trust": 0.6 } }
var-201702-0848
Vulnerability from variot
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is an elevation of privilege vulnerability in Emerson DeltaV.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0848", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": "13.3" }, { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": "12.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": 
"12.3" }, { "model": "deltav", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "12.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "13.3" } ], "sources": [ { "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "BID", "id": "94584" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNNVD", "id": "CNNVD-201611-704" }, { "db": "NVD", "id": "CVE-2016-9345" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007966" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "94584" } ], "trust": 0.3 }, "cve": "CVE-2016-9345", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.4, "id": "CVE-2016-9345", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2016-11817", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "8e3727f3-4c57-46fa-b531-77ba29b04434", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "id": "CVE-2016-9345", "impactScore": 5.3, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-9345", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-9345", "trust": 0.8, "value": "Medium" }, { 
"author": "CNVD", "id": "CNVD-2016-11817", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201611-704", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNNVD", "id": "CNNVD-201611-704" }, { "db": "NVD", "id": "CVE-2016-9345" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. 
There is an elevation of privilege vulnerability in Emerson DeltaV", "sources": [ { "db": "NVD", "id": "CVE-2016-9345" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "BID", "id": "94584" }, { "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-9345", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-16-334-02", "trust": 2.7 }, { "db": "BID", "id": "94584", "trust": 2.5 }, { "db": "BID", "id": "105767", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2016-11817", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201611-704", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007966", "trust": 0.8 }, { "db": "IVD", "id": "8E3727F3-4C57-46FA-B531-77BA29B04434", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "BID", "id": "94584" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNNVD", "id": "CNNVD-201611-704" }, { "db": "NVD", "id": "CVE-2016-9345" } ] }, "id": "VAR-201702-0848", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "db": "CNVD", "id": "CNVD-2016-11817" } ], "trust": 0.08 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", 
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "db": "CNVD", "id": "CNVD-2016-11817" } ] }, "last_update_date": "2024-11-23T22:06:37.642000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", "trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" }, { "title": "Emerson DeltaV privilege patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/84831" }, { "title": "Emerson DeltaV Repair measures for privilege escalation", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65971" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNNVD", "id": "CNNVD-201611-704" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "NVD", "id": "CVE-2016-9345" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-334-02" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/94584" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/105767" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9345" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9345" }, { "trust": 0.3, "url": 
"http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "BID", "id": "94584" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNNVD", "id": "CNNVD-201611-704" }, { "db": "NVD", "id": "CVE-2016-9345" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "db": "CNVD", "id": "CNVD-2016-11817" }, { "db": "BID", "id": "94584" }, { "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "db": "CNNVD", "id": "CNNVD-201611-704" }, { "db": "NVD", "id": "CVE-2016-9345" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-02T00:00:00", "db": "IVD", "id": "8e3727f3-4c57-46fa-b531-77ba29b04434" }, { "date": "2016-12-02T00:00:00", "db": "CNVD", "id": "CNVD-2016-11817" }, { "date": "2016-11-29T00:00:00", "db": "BID", "id": "94584" }, { "date": "2017-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "date": "2016-11-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-704" }, { "date": "2017-02-13T21:59:01.767000", "db": "NVD", "id": "CVE-2016-9345" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-02T00:00:00", "db": "CNVD", "id": "CNVD-2016-11817" }, { "date": "2016-12-20T02:03:00", "db": "BID", "id": "94584" }, { "date": "2017-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007966" }, { "date": "2016-12-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-704" }, { "date": "2024-11-21T03:00:59.607000", "db": "NVD", "id": "CVE-2016-9345" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-704" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV Easy Security Management Vulnerability in which privileges are elevated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007966" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-704" } ], "trust": 0.6 } }
var-201901-0856
Vulnerability from variot
A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. Emerson DeltaV DCS contains vulnerabilities related to authorization, permissions, and access control, which may result in service operation interruption (DoS). The Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson Electric. The system includes network security management, alarm management, batch control and change management. Emerson DeltaV is prone to an authentication-bypass vulnerability. DeltaV Distributed Control System 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior are vulnerable.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0856", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "11.3.2" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": 
"11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "12.3.1" }, { "model": "deltav", "scope": "gte", "trust": 1.0, "vendor": "emerson", "version": "r5.1" }, { "model": "deltav", "scope": "lte", "trust": 1.0, "vendor": "emerson", "version": "r6" }, { "model": "deltav", "scope": "eq", "trust": 1.0, "vendor": "emerson", "version": "14.3" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "11.3.2" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "12.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "14.3" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "r5.1" }, { "model": "deltav distributed control system", "scope": "lte", "trust": 0.8, "vendor": "emerson", "version": "r6" }, { "model": "electric deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "electric deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "11.3.2" }, { "model": "electric deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "12.3.1" }, { "model": "electric deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "13.3.1" }, { "model": "electric deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "14.3" }, { "model": "electric deltav distributed control system r5.1", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null 
}, { "model": "electric deltav distributed control system \u003c=r6", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null }, { "model": "deltav r6", "scope": null, "trust": 0.3, "vendor": "emerson", "version": null }, { "model": "deltav r5.1", "scope": null, "trust": 0.3, "vendor": "emerson", "version": null }, { "model": "deltav", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "14.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "11.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "13.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "14.3" }, { "model": "r5.1", "scope": null, "trust": 0.2, "vendor": "deltav distributed control system", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "BID", "id": "106522" }, { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "NVD", "id": "CVE-2018-19021" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav_distributed_control_system", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013887" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Nochvay of Kaspersky Lab", "sources": [ { "db": "BID", "id": "106522" }, { "db": "CNNVD", "id": "CNNVD-201901-433" } ], "trust": 0.9 }, "cve": "CVE-2018-19021", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CVE-2018-19021", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-01681", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", 
"exploitabilityScore": 10.0, "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2018-19021", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-19021", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-19021", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-19021", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2019-01681", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201901-433", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "CNNVD", "id": "CNNVD-201901-433" }, { "db": "NVD", "id": "CVE-2018-19021" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. Emerson DeltaV DCS Contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. The Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson Electric. The system includes network security management, alarm management, batch control and change management. Emerson DeltaV is prone to an authentication-bypass vulnerability. \nDeltaV Distributed Control System 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-19021" }, { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "BID", "id": "106522" }, { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-19021", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-19-010-01", "trust": 2.7 }, { "db": "BID", "id": "106522", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2019-01681", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201901-433", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-013887", "trust": 0.8 }, { "db": "IVD", "id": "7D84CD0F-463F-11E9-95FB-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "BID", "id": "106522" }, { "db": "JVNDB", "id": 
"JVNDB-2018-013887" }, { "db": "CNNVD", "id": "CNNVD-201901-433" }, { "db": "NVD", "id": "CVE-2018-19021" } ] }, "id": "VAR-201901-0856", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" } ], "trust": 1.8 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" } ] }, "last_update_date": "2024-11-23T22:48:30.705000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV Distributed Control System", "trust": 0.8, "url": "https://www.emerson.com/en-us/automation/control-and-safety-systems/distributed-control-systems-dcs/deltav-distributed-control-system" }, { "title": "Emerson DeltaV Distributed Control System Authentication Vulnerability Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/150173" }, { "title": "Emerson DeltaV Distributed Control System Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88591" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "CNNVD", "id": "CNNVD-201901-433" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-307", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "NVD", "id": "CVE-2018-19021" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-010-01" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/106522" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19021" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19021" }, { "trust": 0.3, "url": "http://emerson.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "BID", "id": "106522" }, { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "CNNVD", "id": "CNNVD-201901-433" }, { "db": "NVD", "id": "CVE-2018-19021" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" }, { "db": "BID", "id": "106522" }, { "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "db": "CNNVD", "id": "CNNVD-201901-433" }, { "db": "NVD", "id": "CVE-2018-19021" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-16T00:00:00", "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "date": "2019-01-16T00:00:00", "db": "CNVD", "id": "CNVD-2019-01681" }, { "date": "2019-01-10T00:00:00", "db": "BID", "id": "106522" }, { "date": "2019-03-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "date": 
"2019-01-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-433" }, { "date": "2019-01-25T20:29:00.283000", "db": "NVD", "id": "CVE-2018-19021" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-16T00:00:00", "db": "CNVD", "id": "CNVD-2019-01681" }, { "date": "2019-01-10T00:00:00", "db": "BID", "id": "106522" }, { "date": "2019-03-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013887" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-433" }, { "date": "2024-11-21T03:57:10.977000", "db": "NVD", "id": "CVE-2018-19021" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-433" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV Distributed Control System Authentication Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "7d84cd0f-463f-11e9-95fb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2019-01681" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-433" } ], "trust": 0.6 } }
var-201808-0380
Vulnerability from variot
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files. DeltaV contains a path traversal vulnerability. Information may be obtained or falsified, and a denial of service (DoS) may result. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A path traversal vulnerability exists in Emerson Electric DeltaV that stems from a program failing to validate the path. An attacker could exploit the vulnerability to replace the executable. Emerson DeltaV is prone to the following multiple security vulnerabilities:
1. An arbitrary-code-execution vulnerability
2. Multiple security-bypass vulnerabilities
3. A stack-based buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0380", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.7, "vendor": "emerson", "version": 
"12.3.1" }, { "model": "deltav", "scope": "eq", "trust": 2.4, "vendor": "emerson", "version": "13.3.0" }, { "model": "deltav", "scope": "eq", "trust": 2.4, "vendor": "emerson", "version": "r5" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v11.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v12.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.0" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.1" }, { "model": "electric deltav r5", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null }, { "model": "deltav", "scope": "eq", "trust": 0.3, "vendor": "emerson", "version": "13.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "13.3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "13.3.1" }, { "model": "r5", "scope": null, "trust": 0.2, "vendor": "deltav", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "CNNVD", "id": "CNNVD-201808-563" }, { "db": "NVD", "id": "CVE-2018-14795" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009283" } ] }, 
"credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-563" } ], "trust": 0.6 }, "cve": "CVE-2018-14795", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2018-14795", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CNVD-2018-15736", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, 
"confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "e2f86030-39ab-11e9-8c98-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2018-14795", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-14795", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-14795", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-15736", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201808-563", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "CNNVD", "id": "CNNVD-201808-563" }, { "db": "NVD", "id": "CVE-2018-14795" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. DeltaV Contains a path traversal vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. 
Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A path traversal vulnerability exists in Emerson Electric Deltav that stems from a program failing to validate the path. An attacker could exploit the vulnerability to replace the executable. Emerson DeltaV is prone to the following multiple security vulnerabilities:\n1. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A stack-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions", "sources": [ { "db": "NVD", "id": "CVE-2018-14795" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "BID", "id": "105105" }, { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14795", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-18-228-01", "trust": 3.3 }, { "db": "BID", "id": "105105", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2018-15736", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-563", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-009283", "trust": 0.8 }, { "db": "IVD", "id": "E2F86030-39AB-11E9-8C98-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": 
"CNNVD", "id": "CNNVD-201808-563" }, { "db": "NVD", "id": "CVE-2018-14795" } ] }, "id": "VAR-201808-0380", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" } ], "trust": 1.7423076800000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" } ] }, "last_update_date": "2024-11-23T21:52:55.802000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV", "trust": 0.8, "url": "https://www.emerson.com/en-us/automation/deltav" }, { "title": "Emerson Electric Deltav Path Traversal Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/138021" }, { "title": "Emerson Electric Deltav Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84151" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "CNNVD", "id": "CNNVD-201808-563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 }, { "problemtype": "CWE-23", 
"trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "NVD", "id": "CVE-2018-14795" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105105" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14795" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14795" }, { "trust": 0.3, "url": "http://emerson.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "CNNVD", "id": "CNNVD-201808-563" }, { "db": "NVD", "id": "CVE-2018-14795" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "db": "CNNVD", "id": "CNNVD-201808-563" }, { "db": "NVD", "id": "CVE-2018-14795" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "date": "2018-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2018-15736" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-563" }, { "date": "2018-08-21T14:29:01.357000", "db": "NVD", "id": "CVE-2018-14795" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2018-15736" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009283" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-563" }, { "date": "2024-11-21T03:49:48.643000", "db": "NVD", "id": "CVE-2018-14795" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-563" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson Electric Deltav Path traversal vulnerability", "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15736" }, { "db": "CNNVD", "id": "CNNVD-201808-563" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e2f86030-39ab-11e9-8c98-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201808-563" } ], "trust": 0.8 } }
var-201808-0378
Vulnerability from variot
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Emerson DeltaV DCS contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric DeltaV. An arbitrary-code-execution vulnerability 2. Multiple security-bypass vulnerabilities 3. A stack-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0378", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav distributed control system", "scope": "eq", "trust": 1.4, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 1.4, "vendor": "emerson", "version": "13.3.0" }, { "model": "deltav 
distributed control system", "scope": "eq", "trust": 1.4, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 1.4, "vendor": "emerson", "version": "r5" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "13.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "13.3" }, { "model": "deltav", "scope": "eq", "trust": 1.3, "vendor": "emerson", "version": "12.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.0, "vendor": "emerson", "version": "r5" }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "12.3.15" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v11.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v12.3.1" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.0" }, { "model": "electric deltav", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "v13.3.1" }, { "model": "electric deltav r5", "scope": null, "trust": 0.6, "vendor": "emerson", "version": null }, { "model": "deltav distributed control system", "scope": "eq", "trust": 0.6, "vendor": "emerson", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "12.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "13.3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav distributed control system", "version": "13.3.1" }, { "model": "r5", "scope": null, "trust": 0.2, "vendor": "deltav distributed control 
system", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNNVD", "id": "CNNVD-201808-564" }, { "db": "NVD", "id": "CVE-2018-14791" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav_distributed_control_system", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-564" } ], "trust": 0.6 }, "cve": "CVE-2018-14791", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", 
"baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2018-14791", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2018-15737", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-14791", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-14791", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], 
"severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-14791", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-14791", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-15737", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201808-564", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNNVD", "id": "CNNVD-201808-564" }, { "db": "NVD", "id": "CVE-2018-14791" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Emerson DeltaV DCS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric Deltav. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A stack-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. 
Failed exploit attempts will likely result in denial of service conditions", "sources": [ { "db": "NVD", "id": "CVE-2018-14791" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "BID", "id": "105105" }, { "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14791", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-18-228-01", "trust": 3.3 }, { "db": "BID", "id": "105105", "trust": 1.9 }, { "db": "CNVD", "id": "CNVD-2018-15737", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-564", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-009547", "trust": 0.8 }, { "db": "IVD", "id": "E2F8391F-39AB-11E9-8A62-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNNVD", "id": "CNNVD-201808-564" }, { "db": "NVD", "id": "CVE-2018-14791" } ] }, "id": "VAR-201808-0378", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15737" } ], "trust": 1.7423076800000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": 
"e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15737" } ] }, "last_update_date": "2024-11-23T21:52:56.282000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV Distributed Control System", "trust": 0.8, "url": "https://www.emerson.com/en-us/automation/control-and-safety-systems/distributed-control-systems-dcs/deltav-distributed-control-system" }, { "title": "Emerson Electric DeltaV Rights Management Patch for Vulnerable Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/138023" }, { "title": "Emerson Electric DeltaV Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84152" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNNVD", "id": "CNNVD-201808-564" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-269", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "NVD", "id": "CVE-2018-14791" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105105" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14791" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14791" }, { 
"trust": 0.3, "url": "http://emerson.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNNVD", "id": "CNNVD-201808-564" }, { "db": "NVD", "id": "CVE-2018-14791" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-15737" }, { "db": "BID", "id": "105105" }, { "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "db": "CNNVD", "id": "CNNVD-201808-564" }, { "db": "NVD", "id": "CVE-2018-14791" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "IVD", "id": "e2f8391f-39ab-11e9-8a62-000c29342cb1" }, { "date": "2018-08-22T00:00:00", "db": "CNVD", "id": "CNVD-2018-15737" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-564" }, { "date": "2018-08-23T19:29:00.907000", "db": "NVD", "id": "CVE-2018-14791" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2018-15737" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105105" }, { "date": "2018-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009547" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-564" }, { "date": "2024-11-21T03:49:48.110000", "db": "NVD", "id": "CVE-2018-14791" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" 
} } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-564" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV DCS Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009547" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-564" } ], "trust": 0.6 } }
var-201206-0259
Vulnerability from variot
PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications:
* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1
* DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0259", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav proessentials scientific graph", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "5.0.0.6" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": 
"emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "9" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "11" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "electric co deltav proessentials scientific graph", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "5" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "11" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "9" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v10.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v11.3 and v11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v9.3.1" }, { "model": "deltav proessentials scientific graph", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v5.0.0.6" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v10.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, 
"vendor": "emerson", "version": "v11.3 and v11.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav proessentials scientific graph", "version": "5.0.0.6" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "11.3.1" } ], "sources": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2639" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "CNNVD", "id": "CNNVD-201205-320" }, { "db": "NVD", "id": "CVE-2012-1816" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_workstation", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002655" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kuang-Chun Hung of Security Research and Service Institute.", "sources": [ { "db": "BID", "id": "53591" } ], "trust": 0.3 }, "cve": "CVE-2012-1816", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-1816", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "c50f1cce-2353-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1816", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-1816", "trust": 0.8, "value": "Medium" }, { "author": 
"CNNVD", "id": "CNNVD-201205-320", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "CNNVD", "id": "CNNVD-201205-320" }, { "db": "NVD", "id": "CVE-2012-1816" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-1816" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "CNVD", "id": "CNVD-2012-2639" }, { "db": "BID", "id": "53591" }, { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "112840" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1816", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-12-138-01", "trust": 2.7 }, { "db": "SECUNIA", "id": "49210", "trust": 1.8 }, { "db": "BID", "id": "53591", "trust": 1.3 }, { "db": "OSVDB", "id": "82012", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2012-2639", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201205-320", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002655", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-137-01", "trust": 0.7 }, { "db": "NSFOCUS", "id": "19718", "trust": 0.6 }, { "db": "IVD", "id": "C50F1CCE-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "112840", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2639" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-320" }, { "db": "NVD", "id": "CVE-2012-1816" } ] }, "id": "VAR-201206-0259", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2639" } ], "trust": 1.6067765666666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2639" } ] }, "last_update_date": "2024-11-23T21:46:19.511000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV Workstation Hardware", "trust": 0.8, "url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.emerson.com/en-US/Pages/default.aspx" }, { "title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.emerson.co.jp/index.html" }, { "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", "trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" }, { "title": "Patch for DeltaV Multiple Product Denial of Service Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/23447" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-2639" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "NVD", "id": "CVE-2012-1816" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf" }, { "trust": 1.6, "url": "http://secunia.com/advisories/49210" }, { "trust": 1.0, "url": "http://osvdb.org/82012" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/53591" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1816" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1816" }, { "trust": 0.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19718" }, { "trust": 0.3, "url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49210/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49210/#comments" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-2639" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-320" }, { "db": "NVD", "id": "CVE-2012-1816" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2639" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-320" }, { "db": "NVD", "id": "CVE-2012-1816" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-21T00:00:00", "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "date": "2012-05-21T00:00:00", "db": "CNVD", "id": "CNVD-2012-2639" }, { "date": "2012-05-16T00:00:00", "db": "BID", "id": "53591" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "date": "2012-05-18T06:07:17", "db": "PACKETSTORM", "id": "112840" }, { "date": "2012-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-320" }, { "date": "2012-06-08T18:55:01.610000", "db": "NVD", "id": "CVE-2012-1816" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-21T00:00:00", "db": "CNVD", "id": "CNVD-2012-2639" }, { "date": "2012-05-30T22:50:00", "db": "BID", "id": "53591" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002655" }, { "date": "2012-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-320" }, { "date": "2024-11-21T01:37:50.217000", "db": "NVD", "id": "CVE-2012-1816" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-320" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson of DeltaV Product PORTSERV.exe Service disruption in ( Daemon crash ) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002655" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "c50f1cce-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201205-320" } ], "trust": 0.8 } }
var-201206-0261
Vulnerability from variot
An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. Emerson Electric is a diversified global manufacturer. It provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications:
* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1
* DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0261", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav proessentials scientific graph", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "5.0.0.6" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": 
"emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "9.3.1" }, { "model": "deltav", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "11.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 1.6, "vendor": "emerson", "version": "10.3.1" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "9" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "11" }, { "model": "electric co deltav", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "electric co deltav proessentials scientific graph", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "5" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "11" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "10" }, { "model": "electric co deltav workstations", "scope": "eq", "trust": 0.9, "vendor": "emerson", "version": "9" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v10.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v11.3 and v11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v9.3.1" }, { "model": "deltav proessentials scientific graph", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v5.0.0.6" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v10.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, 
"vendor": "emerson", "version": "v11.3 and v11.3.1" }, { "model": "deltav workstation", "scope": "eq", "trust": 0.8, "vendor": "emerson", "version": "v9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav proessentials scientific graph", "version": "5.0.0.6" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "9.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "deltav workstation", "version": "11.3.1" } ], "sources": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2643" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "CNNVD", "id": "CNNVD-201205-322" }, { "db": "NVD", "id": "CVE-2012-1818" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph", "vulnerable": true }, { "cpe22Uri": "cpe:/a:emerson:deltav_workstation", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002657" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kuang-Chun Hung of Security Research and Service Institute.", "sources": [ { "db": "BID", "id": "53591" } ], "trust": 0.3 }, "cve": "CVE-2012-1818", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-1818", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1818", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-1818", "trust": 0.8, "value": "Medium" }, { 
"author": "CNNVD", "id": "CNNVD-201205-322", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "CNNVD", "id": "CNNVD-201205-322" }, { "db": "NVD", "id": "CVE-2012-1818" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n3) An error within PORTSERV.exe can be exploited to cause a crash via\na specially crafted packet sent to TCP or UDP port 111. \n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-1818" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "CNVD", "id": "CNVD-2012-2643" }, { "db": "BID", "id": "53591" }, { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "112840" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1818", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-12-138-01", "trust": 2.7 }, { "db": "SECUNIA", "id": "49210", "trust": 1.8 }, { "db": "BID", "id": "53591", "trust": 1.3 }, { "db": "OSVDB", "id": "82014", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2012-2643", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201205-322", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002657", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-137-01", "trust": 0.7 }, { "db": "NSFOCUS", "id": "19718", "trust": 0.6 }, { "db": "IVD", "id": "C4F6A3C4-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "112840", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2643" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-322" }, { "db": "NVD", "id": "CVE-2012-1818" } ] }, "id": "VAR-201206-0261", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2643" } ], "trust": 1.6067765666666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2643" } ] }, "last_update_date": "2024-11-23T21:46:19.593000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DeltaV Workstation Hardware", "trust": 0.8, "url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.emerson.com/en-US/Pages/default.aspx" }, { "title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.emerson.co.jp/index.html" }, { "title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", "trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" }, { "title": "DeltaV Multiple Product File Operation Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/23448" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-2643" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "NVD", "id": "CVE-2012-1818" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf" }, { "trust": 1.6, "url": "http://secunia.com/advisories/49210" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/53591" }, { "trust": 1.0, "url": "http://osvdb.org/82014" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1818" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1818" }, { "trust": 0.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19718" }, { "trust": 0.3, "url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49210/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49210/#comments" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-2643" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-322" }, { "db": "NVD", "id": "CVE-2012-1818" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2643" }, { "db": "BID", "id": "53591" }, { "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "db": "PACKETSTORM", "id": "112840" }, { "db": "CNNVD", "id": "CNNVD-201205-322" }, { "db": "NVD", "id": "CVE-2012-1818" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-21T00:00:00", "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "date": "2012-05-21T00:00:00", "db": "CNVD", "id": "CNVD-2012-2643" }, { "date": "2012-05-16T00:00:00", "db": "BID", "id": "53591" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "date": "2012-05-18T06:07:17", "db": "PACKETSTORM", "id": "112840" }, { "date": "2012-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-322" }, { "date": "2012-06-08T18:55:01.707000", "db": "NVD", "id": "CVE-2012-1818" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-21T00:00:00", "db": "CNVD", "id": "CNVD-2012-2643" }, { "date": "2012-05-30T22:50:00", "db": "BID", "id": "53591" }, { "date": "2012-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002657" }, { "date": "2012-05-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-322" }, { "date": "2024-11-21T01:37:50.433000", "db": "NVD", "id": "CVE-2012-1818" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-322" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "DeltaV Multiple Product File Operation Vulnerabilities", "sources": [ { "db": "IVD", "id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-2643" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-322" } ], "trust": 0.6 } }
var-201405-0281
Vulnerability from variot
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable application. Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable.
DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3
Can be related to Emerson AMS Device Management version, Emerson AMS Wireless SNAP-ON also.
CVE-2014-2349 - World writable system folder
CVE-2014-2350 - Hardcoded credentials
Please find fixes in KBA NK-1400-0031.
Kudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov
http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0281", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": "10.3.1" }, { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": "11.3" }, { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": 
"11.3.1" }, { "model": "deltav", "scope": "eq", "trust": 3.3, "vendor": "emerson", "version": "12.3" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "10.3.1" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "11.3" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "11.3.1" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "deltav", "version": "12.3" } ], "sources": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "BID", "id": "67596" }, { "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "db": "CNNVD", "id": "CNNVD-201405-453" }, { "db": "NVD", "id": "CVE-2014-2350" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:emerson:deltav", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002623" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov.", "sources": [ { "db": "BID", "id": "67596" } ], "trust": 0.3 }, "cve": "CVE-2014-2350", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2350", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "exploitabilityScore": 1.5, "id": "CNVD-2014-03278", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "exploitabilityScore": 1.5, "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.2, "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "exploitabilityScore": 1.5, "id": "f73024e8-2351-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.2, "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { 
"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "exploitabilityScore": 1.5, "id": "7d70a8d1-463f-11e9-929a-000c29342cb1", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.2, "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2350", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-2350", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-03278", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201405-453", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "db": "CNNVD", "id": "CNNVD-201405-453" }, { "db": "NVD", "id": "CVE-2014-2350" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. Emerson DeltaV is a digital automation system from Emerson, USA. 
The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable application. \nEmerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3\nCan be related to Emerson AMS Device Management version, Emerson AMS\nWireless SNAP-ON also. \n\nCVE-2014-2349 - World writable system folder\nCVE-2014-2350 - Hardcoded credentials\n\nPlease find fixes in KBA NK-1400-0031. \n\nKudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov\nand Timur Yunusov\n\n\nhttp://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2014-2350" }, { "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "BID", "id": "67596" }, { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "PACKETSTORM", "id": "126810" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2350", "trust": 4.0 }, { "db": "ICS CERT", "id": "ICSA-14-133-02", "trust": 2.7 }, { "db": "CNVD", "id": "CNVD-2014-03278", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201405-453", "trust": 1.2 }, { "db": "BID", "id": "67596", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2014-002623", "trust": 0.8 }, { "db": "OSVDB", "id": "107279", "trust": 0.6 }, { "db": "IVD", "id": "E84687A4-1ED5-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": 
"F73024E8-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D70A8D1-463F-11E9-929A-000C29342CB1", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "126810", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "BID", "id": "67596" }, { "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "db": "PACKETSTORM", "id": "126810" }, { "db": "CNNVD", "id": "CNNVD-201405-453" }, { "db": "NVD", "id": "CVE-2014-2350" } ] }, "id": "VAR-201405-0281", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-03278" } ], "trust": 0.12 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-03278" } ] }, "last_update_date": "2024-11-23T23:02:49.237000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": 
"\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0", "trust": 0.8, "url": "http://www.emerson.co.jp/div/epm/product5_1.html" }, { "title": "Emerson DeltaV hard-coded certificate security bypass vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/45903" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "JVNDB", "id": "JVNDB-2014-002623" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-255", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "db": "NVD", "id": "CVE-2014-2350" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2350" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2350" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/107279" }, { "trust": 0.3, "url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx" }, { "trust": 0.3, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02#footnotee_tgc3i2k" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2350" }, { "trust": 0.1, "url": "http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2349" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "BID", "id": "67596" }, { "db": "JVNDB", "id": 
"JVNDB-2014-002623" }, { "db": "PACKETSTORM", "id": "126810" }, { "db": "CNNVD", "id": "CNNVD-201405-453" }, { "db": "NVD", "id": "CVE-2014-2350" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-03278" }, { "db": "BID", "id": "67596" }, { "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "db": "PACKETSTORM", "id": "126810" }, { "db": "CNNVD", "id": "CNNVD-201405-453" }, { "db": "NVD", "id": "CVE-2014-2350" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-27T00:00:00", "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "date": "2014-05-27T00:00:00", "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-05-27T00:00:00", "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "date": "2014-05-27T00:00:00", "db": "CNVD", "id": "CNVD-2014-03278" }, { "date": "2014-05-22T00:00:00", "db": "BID", "id": "67596" }, { "date": "2014-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "date": "2014-05-27T04:44:44", "db": "PACKETSTORM", "id": "126810" }, { "date": "2014-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-453" }, { "date": "2014-05-22T20:55:06.440000", "db": "NVD", "id": "CVE-2014-2350" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-27T00:00:00", "db": "CNVD", "id": "CNVD-2014-03278" }, { "date": "2014-05-22T00:00:00", "db": "BID", "id": "67596" }, { "date": "2014-05-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002623" }, { "date": "2014-05-26T00:00:00", "db": 
"CNNVD", "id": "CNNVD-201405-453" }, { "date": "2024-11-21T02:06:07.837000", "db": "NVD", "id": "CVE-2014-2350" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-453" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Emerson DeltaV Vulnerable to access restrictions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002623" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Trust management", "sources": [ { "db": "IVD", "id": "e84687a4-1ed5-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "f73024e8-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d70a8d1-463f-11e9-929a-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201405-453" } ], "trust": 1.2 } }
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/106522 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106522 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 | Third Party Advisory, US Government Resource
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:*:*:*:*:*:*:*:*", "matchCriteriaId": "00E8CCB6-9595-40D1-AC55-DD9CF1DCAB98", "versionEndIncluding": "r6", "versionStartIncluding": "r5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "48E61C07-A184-42A2-910A-50A8B81E120F", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C1FF31-4D2F-4678-8F7E-826F3E313EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:14.3:*:*:*:*:*:*:*", "matchCriteriaId": "34EE3357-D4EE-4994-9466-DB82F1A858A9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service." }, { "lang": "es", "value": "Un script especialmente manipulado podr\u00eda omitir la autenticaci\u00f3n de un puerto de mantenimiento de Emerson DeltaV DCS, en versiones 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 y anteriores, lo que podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio (DoS)." 
} ], "id": "CVE-2018-19021", "lastModified": "2024-11-21T03:57:10.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-25T20:29:00.283", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106522" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": 
"ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version
---|---|---
emerson | deltav | 9.3.1
emerson | deltav | 10.3.1
emerson | deltav | 11.3
emerson | deltav | 11.3.1
emerson | deltav_proessentials_scientific_graph | 5.0.0.6
emerson | deltav_workstation | 9.3.1
emerson | deltav_workstation | 10.3.1
emerson | deltav_workstation | 11.3
emerson | deltav_workstation | 11.3.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A47A4CF-7DC2-40BF-8665-261C17A4159B", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_proessentials_scientific_graph:5.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "75620876-5526-451E-8284-3CB1BF16642F", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B41EAEE-53EC-4EF0-BB63-58772E4D6278", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE35A6AE-616B-4254-83B6-50726498B765", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5C9C34A-FE86-4B79-BC2F-14B7F6320A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A164A098-9568-476F-BE49-D847378A7BE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111." 
}, { "lang": "es", "value": "PORTSERV.exe en Emerson DeltaV y DeltaV Workstations v9.3.1, v10.3.1, v11.3, y v11.3.1 y DeltaV ProEssentials Scientific Graph v5.0.0.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un paquete (1) TCP o (2) UDP sobre el puerto 111." } ], "id": "CVE-2012-1816", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-08T18:55:01.610", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/82012" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/49210" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A47A4CF-7DC2-40BF-8665-261C17A4159B", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Emerson DeltaV v9.3.1 y v10.3 a v11.3.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una larga cadena a un puerto no especificado." 
} ], "id": "CVE-2012-3035", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-01T18:55:00.923", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/55719" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version
---|---|---
emerson | deltav | 9.3.1
emerson | deltav | 10.3.1
emerson | deltav | 11.3
emerson | deltav | 11.3.1
emerson | deltav_proessentials_scientific_graph | 5.0.0.6
emerson | deltav_workstation | 9.3.1
emerson | deltav_workstation | 10.3.1
emerson | deltav_workstation | 11.3
emerson | deltav_workstation | 11.3.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A47A4CF-7DC2-40BF-8665-261C17A4159B", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_proessentials_scientific_graph:5.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "75620876-5526-451E-8284-3CB1BF16642F", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B41EAEE-53EC-4EF0-BB63-58772E4D6278", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE35A6AE-616B-4254-83B6-50726498B765", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5C9C34A-FE86-4B79-BC2F-14B7F6320A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A164A098-9568-476F-BE49-D847378A7BE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Emerson DeltaV y DeltaV Workstations v9.3.1, v10.3.1, v11.3, y v11.3.1 y DeltaV ProEssentials Scientific Graph v5.0.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados.\r\n" } ], "id": "CVE-2012-1814", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-08T18:55:01.503", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/81996" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/49210" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105767 | ||
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/94584 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105767 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94584 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DA838B9-D68D-46FE-88A8-C0D1C3AC407C", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C1FF31-4D2F-4678-8F7E-826F3E313EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "78206A10-286C-4FD6-AD5F-087ED5AD7422", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system." }, { "lang": "es", "value": "Ha sido descubierto un problema en Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1 y DeltaV V13.3. Vulnerabilidades cr\u00edticas pueden permitir que un atacante local eleve privilegios dentro del sistema de control DeltaV." 
} ], "id": "CVE-2016-9345", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 5.3, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-13T21:59:01.767", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "http://www.securityfocus.com/bid/105767" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94584" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/105767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": 
"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DA838B9-D68D-46FE-88A8-C0D1C3AC407C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program." }, { "lang": "es", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1 y 12.3 utiliza credenciales embebidas para servicios diagn\u00f3sticos, lo que permite a atacantes remotos evadir restricciones de acceso a trav\u00e9s de una sesi\u00f3n TCP, tal y como fue demostrado por una sesi\u00f3n que utiliza el programa telnet." 
} ], "id": "CVE-2014-2350", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-22T20:55:06.440", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DA838B9-D68D-46FE-88A8-C0D1C3AC407C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program." }, { "lang": "es", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1 y 12.3 permite a usuarios locales modificar o leer archivos de configuraci\u00f3n mediante el aprovechamiento de privilegios de nivel de ingenier\u00eda." 
} ], "id": "CVE-2014-2349", "lastModified": "2025-10-03T16:16:14.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false }, { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-22T20:55:06.377", "references": [ { "source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 | Mitigation, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 | Mitigation, Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:14:feature_pack1:*:*:*:*:*:*", "matchCriteriaId": "F2061D08-4DF5-473E-A68A-C1E6DD1EEA37", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:14:feature_pack2:*:*:*:*:*:*", "matchCriteriaId": "06B9E5CA-A790-4298-AA75-A10D62ECCD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:14.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C96A8836-877A-4796-9A28-E7D9AB412024", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:r6:*:*:*:*:*:*:*", "matchCriteriaId": "713DC40C-D9B9-43AA-9907-150467EAE43F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started." 
}, { "lang": "es", "value": "Unas DLLs que faltan, si son reemplazadas por un insider, podr\u00edan permitir a un atacante lograr una escalada local de privilegios en DeltaV Distributed Control System Controllers and Workstations (Todas las versiones) cuando son iniciados algunos servicios DeltaV" } ], "id": "CVE-2021-44463", "lastModified": "2025-04-17T16:15:24.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-28T20:15:12.137", "references": [ { "source": "ics-cert@hq.dhs.gov", 
"tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C1FF31-4D2F-4678-8F7E-826F3E313EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE9D75E8-83C9-4FE7-B876-77F3BDAF36BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:r5:*:*:*:*:*:*:*", "matchCriteriaId": "5EEFEA64-511D-4BFC-8105-0D858E240FCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files." }, { "lang": "es", "value": "DeltaV en sus versiones 11.3.1, 12.3.1, 13.3.0, 13.3.1 y R5 es vulnerable debido a una validaci\u00f3n incorrecta de rutas, lo que puede permitir que un atacante reemplace archivos ejecutables." 
} ], "id": "CVE-2018-14795", "lastModified": "2024-11-21T03:49:48.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-21T14:29:01.357", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-23" } ], "source": 
"ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C1FF31-4D2F-4678-8F7E-826F3E313EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE9D75E8-83C9-4FE7-B876-77F3BDAF36BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:r5:*:*:*:*:*:*:*", "matchCriteriaId": "5EEFEA64-511D-4BFC-8105-0D858E240FCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution." }, { "lang": "es", "value": "En Emerson DeltaV DCS en versiones 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 permite que se coloque un archivo DLL especialmente manipulado en la ruta de b\u00fasqueda y que se cargue como un DLL interno v\u00e1lido, lo que podr\u00eda provocar la ejecuci\u00f3n arbitraria de c\u00f3digo." 
} ], "id": "CVE-2018-14797", "lastModified": "2024-11-21T03:49:48.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-23T19:29:01.017", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": 
"ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
emerson | deltav | 9.3.1 | |
emerson | deltav | 10.3.1 | |
emerson | deltav | 11.3 | |
emerson | deltav | 11.3.1 | |
emerson | deltav_proessentials_scientific_graph | 5.0.0.6 | |
emerson | deltav_workstation | 9.3.1 | |
emerson | deltav_workstation | 10.3.1 | |
emerson | deltav_workstation | 11.3 | |
emerson | deltav_workstation | 11.3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A47A4CF-7DC2-40BF-8665-261C17A4159B", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_proessentials_scientific_graph:5.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "75620876-5526-451E-8284-3CB1BF16642F", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B41EAEE-53EC-4EF0-BB63-58772E4D6278", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE35A6AE-616B-4254-83B6-50726498B765", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5C9C34A-FE86-4B79-BC2F-14B7F6320A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A164A098-9568-476F-BE49-D847378A7BE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors." 
}, { "lang": "es", "value": "Un control ActiveX no especificado en Emerson DeltaV y DeltaV Workstations v9.3.1, v10.3.1, v11.3, y v11.3.1 y DeltaV ProEssentials Scientific Graph v5.0.0.6 permite a atacantes remotos sobrescribir ficheros a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2012-1818", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-08T18:55:01.707", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/82014" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/49210" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
emerson | deltav | 9.3.1 | |
emerson | deltav | 10.3.1 | |
emerson | deltav | 11.3 | |
emerson | deltav | 11.3.1 | |
emerson | deltav_proessentials_scientific_graph | 5.0.0.6 | |
emerson | deltav_workstation | 9.3.1 | |
emerson | deltav_workstation | 10.3.1 | |
emerson | deltav_workstation | 11.3 | |
emerson | deltav_workstation | 11.3.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A47A4CF-7DC2-40BF-8665-261C17A4159B", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_proessentials_scientific_graph:5.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "75620876-5526-451E-8284-3CB1BF16642F", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B41EAEE-53EC-4EF0-BB63-58772E4D6278", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE35A6AE-616B-4254-83B6-50726498B765", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5C9C34A-FE86-4B79-BC2F-14B7F6320A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A164A098-9568-476F-BE49-D847378A7BE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Emerson DeltaV y DeltaV Workstations v9.3.1, v10.3.1, v11.3, y v11.3.1 y DeltaV ProEssentials Scientific Graph v5.0.0.6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un campo inv\u00e1lido en un fichero de proyecto." } ], "id": "CVE-2012-1817", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-08T18:55:01.657", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/82013" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/49210" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry | |
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C1FF31-4D2F-4678-8F7E-826F3E313EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "78206A10-286C-4FD6-AD5F-087ED5AD7422", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:r5:*:*:*:*:*:*:*", "matchCriteriaId": "5EEFEA64-511D-4BFC-8105-0D858E240FCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products." }, { "lang": "es", "value": "En Emerson DeltaV DCS en versiones 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 podr\u00eda permitir que los usuarios no administrativos cambien archivos ejecutables y de librer\u00edas en los productos afectados." 
} ], "id": "CVE-2018-14791", "lastModified": "2024-11-21T03:49:48.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-23T19:29:00.907", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "ics-cert@hq.dhs.gov", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105105 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | Third Party Advisory, US Government Resource
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "18C1FF31-4D2F-4678-8F7E-826F3E313EF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE9D75E8-83C9-4FE7-B876-77F3BDAF36BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:13.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "01456184-6B25-4029-82D4-F5BF16180D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:r5:*:*:*:*:*:*:*", "matchCriteriaId": "5EEFEA64-511D-4BFC-8105-0D858E240FCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution." }, { "lang": "es", "value": "DeltaV en sus versiones 11.3.1, 12.3.1, 13.3.0, 13.3.1 y R5 es vulnerable a una explotaci\u00f3n de desbordamiento de b\u00fafer mediante un puerto de comunicaci\u00f3n abierto para permitir la ejecuci\u00f3n de c\u00f3digo arbitrario." 
} ], "id": "CVE-2018-14793", "lastModified": "2024-11-21T03:49:48.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-21T14:29:00.983", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": 
"ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version
---|---|---
emerson | deltav | 9.3.1
emerson | deltav | 10.3.1
emerson | deltav | 11.3
emerson | deltav | 11.3.1
emerson | deltav_proessentials_scientific_graph | 5.0.0.6
emerson | deltav_workstation | 9.3.1
emerson | deltav_workstation | 10.3.1
emerson | deltav_workstation | 11.3
emerson | deltav_workstation | 11.3.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:emerson:deltav:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A47A4CF-7DC2-40BF-8665-261C17A4159B", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_proessentials_scientific_graph:5.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "75620876-5526-451E-8284-3CB1BF16642F", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B41EAEE-53EC-4EF0-BB63-58772E4D6278", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE35A6AE-616B-4254-83B6-50726498B765", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5C9C34A-FE86-4B79-BC2F-14B7F6320A8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:emerson:deltav_workstation:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A164A098-9568-476F-BE49-D847378A7BE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Emerson DeltaV y DeltaV Workstations v9.3.1, v10.3.1, v11.3, y v11.3.1 y DeltaV ProEssentials Scientific Graph v5.0.0.6, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificadas." } ], "id": "CVE-2012-1815", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-08T18:55:01.567", "references": [ { "source": "cret@cert.org", "url": "http://osvdb.org/82011" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/49210" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
CVE-2012-1818 (GCVE-0-2012-1818)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://osvdb.org/82014 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/49210 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53591 | vdb-entry, x_refsource_BID
http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "82014", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/82014" }, { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "82014", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/82014" }, { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1818", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "82014", "refsource": "OSVDB", "url": "http://osvdb.org/82014" }, { "name": "49210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53591" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1818", "datePublished": "2012-06-08T18:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2349 (GCVE-0-2014-2349)
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DeltaV", "vendor": "Emerson", "versions": [ { "status": "affected", "version": "10.3.1" }, { "status": "affected", "version": "11.3" }, { "status": "affected", "version": "11.3.1" }, { "status": "affected", "version": "12.3" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov of Positive Technologies" } ], "datePublic": "2014-05-22T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\nEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.\n\n\u003c/p\u003e" } ], "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program." 
} ], "metrics": [ { "cvssV2_0": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-03T16:13:34.985Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Emerson has created a patch to mitigate these vulnerabilities. Emerson \nhas distributed a notification (KBA NK-1400-0031) that provides details \nof the vulnerabilities, recommended mitigations, and instructions on \nobtaining and installing the patch. This document is available on \nEmerson\u2019s support site to users who have support contracts with Emerson.\n If you do not have access to this site and need to apply the patch, \nplease contact customer service at 1\u2011800\u2011833\u20118314.\n\n\u003cbr\u003e" } ], "value": "Emerson has created a patch to mitigate these vulnerabilities. Emerson \nhas distributed a notification (KBA NK-1400-0031) that provides details \nof the vulnerabilities, recommended mitigations, and instructions on \nobtaining and installing the patch. This document is available on \nEmerson\u2019s support site to users who have support contracts with Emerson.\n If you do not have access to this site and need to apply the patch, \nplease contact customer service at 1\u2011800\u2011833\u20118314." 
} ], "source": { "advisory": "ICSA-14-133-02", "discovery": "UNKNOWN" }, "title": "Emerson DeltaV Use of Hard-coded Credentials", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2349", "datePublished": "2014-05-22T20:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-03T16:13:34.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1817 (GCVE-0-2012-1817)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://secunia.com/advisories/49210 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53591 | vdb-entry, x_refsource_BID
http://osvdb.org/82013 | vdb-entry, x_refsource_OSVDB
http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53591" }, { "name": "82013", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/82013" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53591" }, { "name": "82013", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/82013" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53591" }, { "name": "82013", "refsource": "OSVDB", "url": "http://osvdb.org/82013" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1817", "datePublished": "2012-06-08T18:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14795 (GCVE-0-2018-14795)
Vulnerability from cvelistv5
- CWE-23 - RELATIVE PATH TRAVERSAL
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC
http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:13.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105105" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DeltaV", "vendor": "ICS-CERT", "versions": [ { "status": "affected", "version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" } ] } ], "datePublic": "2018-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "RELATIVE PATH TRAVERSAL CWE-23", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-22T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105105" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-08-16T00:00:00", "ID": "CVE-2018-14795", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DeltaV", "version": { "version_data": [ { "version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" } ] } } ] }, "vendor_name": "ICS-CERT" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, 
and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "RELATIVE PATH TRAVERSAL CWE-23" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105105" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14795", "datePublished": "2018-08-21T14:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-16T20:26:38.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2350 (GCVE-0-2014-2350)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-22T19:57:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2350", "datePublished": "2014-05-22T20:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1814 (GCVE-0-2012-1814)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://secunia.com/advisories/49210 | third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/81996 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/53591 | vdb-entry, x_refsource_BID
http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49210" }, { "name": "81996", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81996" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49210" }, { "name": "81996", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81996" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49210" }, { "name": "81996", "refsource": "OSVDB", "url": "http://osvdb.org/81996" }, { "name": "53591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53591" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1814", "datePublished": "2012-06-08T18:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3035 (GCVE-0-2012-3035)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://www.securityfocus.com/bid/55719 | vdb-entry, x_refsource_BID
http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf | x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/78972 | vdb-entry, x_refsource_XF
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55719", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55719" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf" }, { "name": "deltav-packets-dos(78972)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "55719", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55719" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf" }, { "name": "deltav-packets-dos(78972)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-3035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55719", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55719" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf" }, { "name": "deltav-packets-dos(78972)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-3035", "datePublished": "2012-10-01T18:00:00", "dateReserved": "2012-05-30T00:00:00", "dateUpdated": "2024-08-06T19:50:05.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19021 (GCVE-0-2018-19021)
Vulnerability from cvelistv5
- CWE-307 - Authentication Bypass
URL | Tags
---|---
http://www.securityfocus.com/bid/106522 | vdb-entry, x_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 | x_refsource_MISC

Vendor | Product | Version
---|---|---
Emerson | Emerson DeltaV | DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:23:08.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106522", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106522" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Emerson DeltaV", "vendor": "Emerson", "versions": [ { "status": "affected", "version": "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior." } ] } ], "datePublic": "2019-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "Authentication Bypass CWE-307", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-26T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "106522", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106522" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2019-01-10T00:00:00", "ID": "CVE-2018-19021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Emerson DeltaV", "version": { "version_data": [ { "version_value": "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior." 
} ] } } ] }, "vendor_name": "Emerson" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authentication Bypass CWE-307" } ] } ] }, "references": { "reference_data": [ { "name": "106522", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106522" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-19021", "datePublished": "2019-01-25T20:00:00Z", "dateReserved": "2018-11-06T00:00:00", "dateUpdated": "2024-09-17T03:52:35.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1816 (GCVE-0-2012-1816)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://secunia.com/advisories/49210 | third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/82012 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/53591 | vdb-entry, x_refsource_BID
http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49210" }, { "name": "82012", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/82012" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49210" }, { "name": "82012", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/82012" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49210" }, { "name": "82012", "refsource": "OSVDB", "url": "http://osvdb.org/82012" }, { "name": "53591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53591" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1816", "datePublished": "2012-06-08T18:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14791 (GCVE-0-2018-14791)
Vulnerability from cvelistv5
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC
http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID

Vendor | Product | Version
---|---|---
Emerson | DeltaV DCS | v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:13.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105105" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DeltaV DCS", "vendor": "Emerson", "versions": [ { "status": "affected", "version": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5" } ] } ], "datePublic": "2018-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105105" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-08-16T00:00:00", "ID": "CVE-2018-14791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DeltaV DCS", "version": { "version_data": [ { "version_value": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5" } ] } } ] }, "vendor_name": "Emerson" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 
13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105105" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14791", "datePublished": "2018-08-23T19:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-16T22:51:13.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1815 (GCVE-0-2012-1815)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
http://osvdb.org/82011 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/49210 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53591 | vdb-entry, x_refsource_BID
http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "82011", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/82011" }, { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "82011", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/82011" }, { "name": "49210", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53591" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "82011", "refsource": "OSVDB", "url": "http://osvdb.org/82011" }, { "name": "49210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49210" }, { "name": "53591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53591" }, { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1815", "datePublished": "2012-06-08T18:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-9345 (GCVE-0-2016-9345)
Vulnerability from cvelistv5
- Emerson DeltaV Easy Security Management Application Vulnerability
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02 | x_refsource_MISC
http://www.securityfocus.com/bid/105767 | vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/94584 | vdb-entry, x_refsource_BID

Vendor | Product | Version
---|---|---
n/a | Emerson DeltaV Easy Security Management through 13.3 | Emerson DeltaV Easy Security Management through 13.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:50:37.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02" }, { "name": "105767", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105767" }, { "name": "94584", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94584" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Emerson DeltaV Easy Security Management through 13.3", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Emerson DeltaV Easy Security Management through 13.3" } ] } ], "datePublic": "2017-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Emerson DeltaV Easy Security Management Application Vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-01T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02" }, { "name": "105767", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105767" }, { "name": "94584", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94584" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-9345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Emerson DeltaV Easy Security Management through 13.3", "version": { "version_data": [ { "version_value": "Emerson DeltaV Easy Security Management through 13.3" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Emerson DeltaV Easy Security Management Application Vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02" }, { "name": "105767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105767" }, { "name": "94584", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94584" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-9345", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2016-11-16T00:00:00", "dateUpdated": "2024-08-06T02:50:37.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14793 (GCVE-0-2018-14793)
Vulnerability from cvelistv5
- CWE-121 - STACK-BASED BUFFER OVERFLOW
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC
http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:14.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105105" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DeltaV", "vendor": "ICS-CERT", "versions": [ { "status": "affected", "version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" } ] } ], "datePublic": "2018-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-22T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105105" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-08-16T00:00:00", "ID": "CVE-2018-14793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DeltaV", "version": { "version_data": [ { "version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" } ] } } ] }, "vendor_name": "ICS-CERT" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DeltaV Versions 11.3.1, 12.3.1, 
13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105105" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14793", "datePublished": "2018-08-21T14:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-16T23:46:15.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-14797 (GCVE-0-2018-14797)
Vulnerability from cvelistv5
- CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT
URL | Tags
---|---
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC
http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID

Vendor | Product | Version
---|---|---
Emerson | DeltaV DCS | v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:14.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105105" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DeltaV DCS", "vendor": "Emerson", "versions": [ { "status": "affected", "version": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5" } ] } ], "datePublic": "2018-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-24T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105105" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-08-16T00:00:00", "ID": "CVE-2018-14797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DeltaV DCS", "version": { "version_data": [ { "version_value": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5" } ] } } ] }, "vendor_name": "Emerson" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" }, { "name": "105105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105105" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14797", "datePublished": "2018-08-23T19:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-17T04:19:50.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-44463 (GCVE-0-2021-44463)
Vulnerability from cvelistv5
- n/a
URL | Tags
---|---
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:25:16.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-44463", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T14:30:28.054050Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-17T15:51:38.177Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson." } ], "datePublic": "2021-12-21T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-28T19:09:50.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04" } ], "source": { "advisory": "ICSA-21-355-04", "discovery": "UNKNOWN" }, "title": "Emerson DeltaV Uncontrolled Search Path Element", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-12-21T15:34:00.000Z", "ID": "CVE-2021-44463", "STATE": "PUBLIC", "TITLE": "Emerson DeltaV Uncontrolled Search Path Element" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04" } ] }, "solution": [ { "lang": "en" } ], "source": { "advisory": "ICSA-21-355-04", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-44463", "datePublished": "2022-01-28T19:09:50.632Z", "dateReserved": "2021-12-16T00:00:00.000Z", "dateUpdated": "2025-04-17T15:51:38.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }