CVE-2025-53471 (GCVE-0-2025-53471)
Vulnerability from cvelistv5
Published
2025-07-10 23:45
Modified
2025-07-11 13:29
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE
Summary
Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
ics-cert@hq.dhs.govhttps://www.emerson.com/en-us/support/security-notifications
ics-cert@hq.dhs.govhttps://www.emerson.com/en-us/support/software-downloads-drivers
Impacted products
Vendor Product Version
Emerson ValveLink SOLO Version: 0   < ValveLink 14.0
 Create a notification for this product.
   Emerson ValveLink DTM Version: 0   < ValveLink 14.0
 Create a notification for this product.
   Emerson ValveLink PRM Version: 0   < ValveLink 14.0
 Create a notification for this product.
   Emerson ValveLink SNAP-ON Version: 0   < ValveLink 14.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:29:05.416717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:29:12.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ValveLink SOLO",
          "vendor": "Emerson",
          "versions": [
            {
              "lessThan": "ValveLink 14.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ValveLink DTM",
          "vendor": "Emerson",
          "versions": [
            {
              "lessThan": "ValveLink 14.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ValveLink PRM",
          "vendor": "Emerson",
          "versions": [
            {
              "lessThan": "ValveLink 14.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ValveLink SNAP-ON",
          "vendor": "Emerson",
          "versions": [
            {
              "lessThan": "ValveLink 14.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Emerson reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."
            }
          ],
          "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-10T23:45:39.592Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"
        },
        {
          "url": "https://www.emerson.com/en-us/support/security-notifications"
        },
        {
          "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"
        }
      ],
      "source": {
        "advisory": "ICSA-25-189-01",
        "discovery": "INTERNAL"
      },
      "title": "Emerson ValveLink Products Improper Input Validation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-53471",
    "datePublished": "2025-07-10T23:45:39.592Z",
    "dateReserved": "2025-06-30T14:34:56.244Z",
    "dateUpdated": "2025-07-11T13:29:12.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53471\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-07-11T00:15:26.933\",\"lastModified\":\"2025-07-15T13:14:49.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Emerson ValveLink products \\nreceive input or data, but it do not validate or incorrectly \\nvalidates that the input has the properties that are required to process\\n the data safely and correctly.\"},{\"lang\":\"es\",\"value\":\"Los productos Emerson ValveLink reciben entradas o datos, pero no validan o validan incorrectamente que la entrada tenga las propiedades necesarias para procesar los datos de forma segura y correcta.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.emerson.com/en-us/support/security-notifications\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.emerson.com/en-us/support/software-downloads-drivers\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53471\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-11T13:29:05.416717Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T13:29:09.642Z\"}}], \"cna\": {\"title\": \"Emerson ValveLink Products Improper Input Validation\", \"source\": {\"advisory\": \"ICSA-25-189-01\", \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Emerson reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Emerson\", \"product\": \"ValveLink SOLO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"ValveLink 14.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Emerson\", \"product\": \"ValveLink DTM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"ValveLink 14.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Emerson\", \"product\": \"ValveLink PRM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"ValveLink 14.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Emerson\", \"product\": \"ValveLink SNAP-ON\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"ValveLink 14.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Emerson recommends users update their Valvelink software to ValveLink \\n14.0 or later. The upgrade can be downloaded from the Emerson  website https://www.emerson.com/en-us/support/software-downloads-drivers \\u00a0.For more information see the associated  Emerson security notification. https://www.emerson.com/en-us/support/security-notifications\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Emerson recommends users update their Valvelink software to ValveLink \\n14.0 or later. The upgrade can be downloaded from the Emerson \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.emerson.com/en-us/support/software-downloads-drivers\\\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor more information see the associated \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.emerson.com/en-us/support/security-notifications\\\"\u003eEmerson security notification.\u003c/a\u003e\u003c/p\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01\"}, {\"url\": \"https://www.emerson.com/en-us/support/security-notifications\"}, {\"url\": \"https://www.emerson.com/en-us/support/software-downloads-drivers\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Emerson ValveLink products \\nreceive input or data, but it do not validate or incorrectly \\nvalidates that the input has the properties that are required to process\\n the data safely and correctly.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Emerson ValveLink products \\nreceive input or data, but it do not validate or incorrectly \\nvalidates that the input has the properties that are required to process\\n the data safely and correctly.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-07-10T23:45:39.592Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-53471\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-11T13:29:12.368Z\", \"dateReserved\": \"2025-06-30T14:34:56.244Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2025-07-10T23:45:39.592Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.