45 vulnerabilities found for DeltaV by Emerson
VAR-201405-0281
Vulnerability from variot - Updated: 2025-11-18 15:07
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable application. Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are affected; the issue may also relate to versions of Emerson AMS Device Management and Emerson AMS Wireless SNAP-ON.
CVE-2014-2349 - World writable system folder
CVE-2014-2350 - Hardcoded credentials
Please find fixes in KBA NK-1400-0031.
Kudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov
http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0281",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "12.3"
}
],
"sources": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "BID",
"id": "67596"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov.",
"sources": [
{
"db": "BID",
"id": "67596"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2350",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2350",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "CVE-2014-2350",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "CNVD-2014-03278",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "f73024e8-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.5,
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-2350",
"trust": 1.0,
"value": "LOW"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2350",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2350",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-03278",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable application. \nEmerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3\nCan be related to Emerson AMS Device Management version, Emerson AMS\nWireless SNAP-ON also. \n\nCVE-2014-2349 - World writable system folder\nCVE-2014-2350 - Hardcoded credentials\n\nPlease find fixes in KBA NK-1400-0031. \n\nKudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov\nand Timur Yunusov\n\n\nhttp://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2350"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "BID",
"id": "67596"
},
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "126810"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2350",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-133-02",
"trust": 2.7
},
{
"db": "CNVD",
"id": "CNVD-2014-03278",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453",
"trust": 1.2
},
{
"db": "BID",
"id": "67596",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "107279",
"trust": 0.6
},
{
"db": "IVD",
"id": "E84687A4-1ED5-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "F73024E8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D70A8D1-463F-11E9-929A-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126810",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "BID",
"id": "67596"
},
{
"db": "PACKETSTORM",
"id": "126810"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"id": "VAR-201405-0281",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
}
],
"trust": 0.12
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
}
]
},
"last_update_date": "2025-11-18T15:07:46.994000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Emerson DeltaV hard-coded certificate security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/45903"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
},
{
"problemtype": "CWE-798",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2350"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2350"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/107279"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02#footnotee_tgc3i2k"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2350"
},
{
"trust": 0.1,
"url": "http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2349"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "BID",
"id": "67596"
},
{
"db": "PACKETSTORM",
"id": "126810"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"db": "BID",
"id": "67596"
},
{
"db": "PACKETSTORM",
"id": "126810"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-27T00:00:00",
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-27T00:00:00",
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"date": "2014-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"date": "2014-05-22T00:00:00",
"db": "BID",
"id": "67596"
},
{
"date": "2014-05-27T04:44:44",
"db": "PACKETSTORM",
"id": "126810"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"date": "2014-05-22T20:55:06.440000",
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03278"
},
{
"date": "2014-05-22T00:00:00",
"db": "BID",
"id": "67596"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-453"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002623"
},
{
"date": "2025-10-31T23:15:32.127000",
"db": "NVD",
"id": "CVE-2014-2350"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV Vulnerable to access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "e84687a4-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f73024e8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70a8d1-463f-11e9-929a-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-453"
}
],
"trust": 1.2
}
}
VAR-201405-0280
Vulnerability from variot - Updated: 2025-11-18 15:07
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. [Note: this opening sentence appears to be the hardcoded-credentials description that the list below assigns to CVE-2014-2350; this record is for CVE-2014-2349, the world-writable system folder issue.] Emerson DeltaV contains a vulnerability that allows configuration files to be modified or read. A local user with engineering-level privileges may be able to modify or read the configuration file. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are affected; the issue may also relate to versions of Emerson AMS Device Management and Emerson AMS Wireless SNAP-ON.
CVE-2014-2349 - World writable system folder
CVE-2014-2350 - Hardcoded credentials
Please find fixes in KBA NK-1400-0031.
Kudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov
http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0280",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 3.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "deltav",
"version": "12.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "BID",
"id": "67594"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov.",
"sources": [
{
"db": "BID",
"id": "67594"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2349",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2014-2349",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2014-2349",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CNVD-2014-03277",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "f732f984-2351-11e6-abef-000c29c66e3d",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-2349",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2349",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2349",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-03277",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-452",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. Emerson DeltaV Contains vulnerabilities that modify or read configuration files.Engineering level authorization by local user (engineering-level privilege) May be used to modify or read the configuration file. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. Emerson DeltaV has a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nEmerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 are vulnerable. DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3\nCan be related to Emerson AMS Device Management version, Emerson AMS\nWireless SNAP-ON also. \n\nCVE-2014-2349 - World writable system folder\nCVE-2014-2350 - Hardcoded credentials\n\nPlease find fixes in KBA NK-1400-0031. \n\nKudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov\nand Timur Yunusov\n\n\nhttp://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "BID",
"id": "67594"
},
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "126810"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2349",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-133-02",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2014-03277",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452",
"trust": 1.2
},
{
"db": "BID",
"id": "67594",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "107278",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D70CFDE-463F-11E9-83B6-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "EA6FA934-1ED5-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "F732F984-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126810",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "BID",
"id": "67594"
},
{
"db": "PACKETSTORM",
"id": "126810"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"id": "VAR-201405-0280",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
}
],
"trust": 0.12
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
}
]
},
"last_update_date": "2025-11-18T15:07:46.943000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Emerson DeltaV \u0027\\\\DeltaV\u0027 directory authorizes security to bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/45902"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
},
{
"problemtype": "CWE-285",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2349"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2349"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/107278"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-02#footnotee_tgc3i2k"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2350"
},
{
"trust": 0.1,
"url": "http://www.scadastrangelove.blogspot.com/2014/05/emerson-deltav-vulnerabilitiesfixes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2349"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "BID",
"id": "67594"
},
{
"db": "PACKETSTORM",
"id": "126810"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"db": "BID",
"id": "67594"
},
{
"db": "PACKETSTORM",
"id": "126810"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"date": "2014-05-27T00:00:00",
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-27T00:00:00",
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"date": "2014-05-22T00:00:00",
"db": "BID",
"id": "67594"
},
{
"date": "2014-05-27T04:44:44",
"db": "PACKETSTORM",
"id": "126810"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"date": "2014-05-22T20:55:06.377000",
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03277"
},
{
"date": "2014-05-22T00:00:00",
"db": "BID",
"id": "67594"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-452"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002622"
},
{
"date": "2025-10-31T23:15:31.537000",
"db": "NVD",
"id": "CVE-2014-2349"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "67594"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-452"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV \u0027\\DeltaV\u0027 Directory Authorization Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "67594"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "7d70cfde-463f-11e9-83b6-000c29342cb1"
},
{
"db": "IVD",
"id": "ea6fa934-1ed5-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "f732f984-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 0.6
}
}
VAR-201702-0848
Vulnerability from variot - Updated: 2025-04-20 23:25
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is an elevation of privilege vulnerability in Emerson DeltaV.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "13.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "12.3"
},
{
"model": "deltav",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "12.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "13.3"
}
],
"sources": [
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "BID",
"id": "94584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94584"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9345",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2016-9345",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11817",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2016-9345",
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9345",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-9345",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11817",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-704",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. Emerson DeltaV is a digital automation system from Emerson, USA. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is an elevation of privilege vulnerability in Emerson DeltaV",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9345"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "BID",
"id": "94584"
},
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9345",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-334-02",
"trust": 2.7
},
{
"db": "BID",
"id": "94584",
"trust": 2.5
},
{
"db": "BID",
"id": "105767",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-11817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966",
"trust": 0.8
},
{
"db": "IVD",
"id": "8E3727F3-4C57-46FA-B531-77BA29B04434",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "BID",
"id": "94584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"id": "VAR-201702-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
}
]
},
"last_update_date": "2025-04-20T23:25:06.873000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Emerson DeltaV privilege patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84831"
},
{
"title": "Emerson DeltaV Repair measures for privilege escalation",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65971"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-334-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/94584"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/105767"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9345"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9345"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "BID",
"id": "94584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"db": "BID",
"id": "94584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "IVD",
"id": "8e3727f3-4c57-46fa-b531-77ba29b04434"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"date": "2016-11-29T00:00:00",
"db": "BID",
"id": "94584"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"date": "2016-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"date": "2017-02-13T21:59:01.767000",
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11817"
},
{
"date": "2016-12-20T02:03:00",
"db": "BID",
"id": "94584"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007966"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-704"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-9345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV Easy Security Management Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007966"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-704"
}
],
"trust": 0.6
}
}
VAR-201303-0017
Vulnerability from variot - Updated: 2025-04-11 23:15
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson DeltaV is a distributed control system. Emerson DeltaV has a security hole in handling certain messages, which allows an attacker to restart the controller, causing a denial of service. Emerson DeltaV is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users. The following are vulnerable:
- DeltaV SE3006 SD Plus Controller versions 11.3.1 and prior
- DeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior
- DeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior
- DeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior
- DeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav se3006 sd plus controller",
"scope": "lte",
"trust": 1.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3005 controller md hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3005 controller md hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3006 controller md plus hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3006 controller md plus hardware",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.x"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "10.x"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3006 controller md plus",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav se3006 sd plus controller",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav ve3005 controller md",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "deltav ve3005 controller md",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "deltav ve3006 controller md plus",
"version": "*"
},
{
"model": "electric co deltav ve3006 controller md plus hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "electric co deltav ve3006 controller md plus hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav ve3005 controller md hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "electric co deltav ve3005 controller md hardware",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav se3006 sd plus controller",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav se3006 sd plus controller",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav_se3006_sd_plus_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_ve3005_controller_md",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_ve3006_controller_md_plus",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Langill",
"sources": [
{
"db": "BID",
"id": "58366"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2012-4703",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "0dba175e-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4703",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-4703",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-143",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513. Emerson Deltav is a distributed control system. Emerson Deltav has a security hole in handling certain messages. Allows an attacker to exploit the vulnerability to restart the controller, causing a denial of service attack. Emerson DeltaV is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to consume available resources and crash the application, denying service to legitimate users. \nThe following are vulnerable:\nDeltaV SE3006 SD Plus Controller versions 11.3.1 and prior\nDeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior\nDeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior\nDeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior\nDeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4703"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4703",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-053-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2013-01690",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52486",
"trust": 0.6
},
{
"db": "BID",
"id": "58366",
"trust": 0.3
},
{
"db": "IVD",
"id": "0DBA175E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"id": "VAR-201303-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
}
],
"trust": 1.68461536
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
}
]
},
"last_update_date": "2025-04-11T23:15:26.984000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Emerson DeltaV denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/32712"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-053-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4703"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4703"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52486"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/edservices/automationsystems/deltav/pages/deltavtraining.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "BID",
"id": "58366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-11T00:00:00",
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"date": "2013-03-06T00:00:00",
"db": "BID",
"id": "58366"
},
{
"date": "2013-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"date": "2013-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"date": "2013-03-11T21:55:02.417000",
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"date": "2013-03-06T00:00:00",
"db": "BID",
"id": "58366"
},
{
"date": "2013-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001866"
},
{
"date": "2013-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-143"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-4703"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01690"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "0dba175e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-143"
}
],
"trust": 0.8
}
}
VAR-201206-0258
Vulnerability from variot - Updated: 2025-04-11 22:53
SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple Emerson Electric DeltaV products do not properly filter user-submitted input, and an attacker can exploit this for SQL injection attacks to obtain database information or control applications. Multiple DeltaV products are prone to multiple remote vulnerabilities; the impacts listed next cover that whole group of issues (itemised in the Secunia advisory below), not only the SQL injection tracked in this entry. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DISCUSS ADVISORY: http://secunia.com/advisories/49210/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications: * DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 * DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "5"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav proessentials scientific graph",
"version": "5.0.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute.",
"sources": [
{
"db": "BID",
"id": "53591"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1815",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-1815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1815",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-1815",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-319",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple Emerson Electric DeltaV products do not properly filter user-submitted input, and an attacker can exploit this for SQL injection attacks to obtain database information or control applications. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n3) An error within PORTSERV.exe can be exploited to cause a crash via\na specially crafted packet sent to TCP or UDP port 111. \n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1815"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "112840"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1815",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-138-01",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "49210",
"trust": 1.8
},
{
"db": "BID",
"id": "53591",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "82011",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-2637",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-137-01",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19718",
"trust": 0.6
},
{
"db": "IVD",
"id": "C51B3A36-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "112840",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"id": "VAR-201206-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2637"
}
],
"trust": 1.6067765666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2637"
}
]
},
"last_update_date": "2025-04-11T22:53:41.984000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Workstation Hardware",
"trust": 0.8,
"url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "DeltaV multiple product SQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23445"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49210"
},
{
"trust": 1.0,
"url": "http://osvdb.org/82011"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/53591"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1815"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1815"
},
{
"trust": 0.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19718"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"date": "2012-05-16T00:00:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"date": "2012-05-18T06:07:17",
"db": "PACKETSTORM",
"id": "112840"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"date": "2012-06-08T18:55:01.567000",
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2637"
},
{
"date": "2012-05-30T22:50:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002654"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-319"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1815"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson of DeltaV In product SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002654"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "c51b3a36-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-319"
}
],
"trust": 0.8
}
}
VAR-201210-0173
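Vulnerability from variot - Updated: 2025-04-11 22:53

Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. Emerson DeltaV is a digital engineering control system developed by Emerson. Emerson DeltaV failed to properly filter the input in the project file, and illegal information in some fields can crash the program or be used to execute arbitrary code. Emerson DeltaV is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to cause a crash, denying service to legitimate users. Emerson DeltaV 9.3.1, 10.3.1, 11.3, and 11.3.1 are vulnerable.

(Note: this description is concatenated from the source databases listed in the record: NVD, JVNDB, CNVD, BID, IVD and Packet Storm. The sentence about project-file input and arbitrary code execution appears to describe a different issue from the network-reachable denial of service in the first sentence. The CVSS v2 vector recorded for CVE-2012-3035, AV:N/AC:L/Au:N/C:N/I:N/A:P, rates an availability impact only, so treat the code-execution claim as unconfirmed for this CVE.)

----------------------------------------------------------------------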
TITLE: Emerson DeltaV Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA50823
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50823
RELEASE DATE: 2012-10-01
DISCUSS ADVISORY: http://secunia.com/advisories/50823/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50823/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50823
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in DeltaV, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a buffer overflow and crash the application.
The vulnerability is reported in versions 9.3.1, 10.3.1, 11.3, and 11.3.1.
SOLUTION: Reportedly a hotfix has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201210-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 2.4,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "10.3 to 11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"db": "BID",
"id": "55719"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of the Security Research and Service Institute-Information and Communication Security Technology Center (ICST)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3035",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-3035",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "565409ac-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3035",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3035",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-727",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows remote attackers to cause a denial of service (daemon crash) via a long string to an unspecified port. Emerson DeltaV is a digital engineering control system developed by Emerson. Emerson DeltaV failed to properly filter the input in the project file, and illegal information in some fields can crash the program or be used to execute arbitrary code. Emerson DeltaV is prone to a buffer-overflow vulnerability. \nAn attacker can exploit this issue to cause a crash, denying service to legitimate users. \nEmerson DeltaV 9.3.1, 10.3.1, 11.3, and 11.3.1 are vulnerable. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nEmerson DeltaV Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA50823\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50823/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50823\n\nRELEASE DATE:\n2012-10-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50823/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50823/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50823\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in DeltaV, which can be exploited\nby malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an error when processing certain\npackets and can be exploited to cause a buffer overflow and crash the\napplication. \n\nThe vulnerability is reported in versions 9.3.1, 10.3.1, 11.3, and\n11.3.1. \n\nSOLUTION:\nReportedly a hotfix has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-265-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3035"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"db": "BID",
"id": "55719"
},
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "117029"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3035",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-265-01",
"trust": 1.9
},
{
"db": "BID",
"id": "55719",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2012-5529",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-138-01",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47144",
"trust": 0.6
},
{
"db": "IVD",
"id": "565409AC-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50823",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "117029",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"db": "BID",
"id": "55719"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "PACKETSTORM",
"id": "117029"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"id": "VAR-201210-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5529"
}
],
"trust": 1.68461536
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5529"
}
]
},
"last_update_date": "2025-04-11T22:53:41.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "Patch for Emerson DeltaV Buffer Overflow Vulnerability (CNVD-2012-5529)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23449"
},
{
"title": "Emerson DeltaV Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123573"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-265-01.pdf"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78972"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/55719"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3035"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3035"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47144"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50823"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50823/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50823/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "PACKETSTORM",
"id": "117029"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"db": "BID",
"id": "55719"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"db": "PACKETSTORM",
"id": "117029"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-08T00:00:00",
"db": "IVD",
"id": "565409ac-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"date": "2012-09-28T00:00:00",
"db": "BID",
"id": "55719"
},
{
"date": "2012-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"date": "2012-10-01T06:11:44",
"db": "PACKETSTORM",
"id": "117029"
},
{
"date": "2012-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"date": "2012-10-01T18:55:00.923000",
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5529"
},
{
"date": "2012-09-28T00:00:00",
"db": "BID",
"id": "55719"
},
{
"date": "2012-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004667"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-727"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3035"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004667"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-727"
}
],
"trust": 0.6
}
}
VAR-201206-0259
Vulnerability from variot - Updated: 2025-04-11 22:53

PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111. Emerson Electric is a diversified global manufacturer. It provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.

(Note: the impact list beginning "Multiple DeltaV Products are prone to multiple remote vulnerabilities" reads as a summary of a multi-vulnerability advisory. Only the PORTSERV.exe denial of service in the first sentence is specific to this entry, so the other impacts presumably belong to the related DeltaV issues covered by the same advisory.)

----------------------------------------------------------------------
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DISCUSS ADVISORY: http://secunia.com/advisories/49210/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49210/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications: * DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 * DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "5"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav proessentials scientific graph",
"version": "5.0.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute.",
"sources": [
{
"db": "BID",
"id": "53591"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-1816",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1816",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1816",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-320",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1816"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "112840"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1816",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-138-01",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "49210",
"trust": 1.8
},
{
"db": "BID",
"id": "53591",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "82012",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-2639",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-137-01",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19718",
"trust": 0.6
},
{
"db": "IVD",
"id": "C50F1CCE-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "112840",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"id": "VAR-201206-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2639"
}
],
"trust": 1.6067765666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2639"
}
]
},
"last_update_date": "2025-04-11T22:53:41.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Workstation Hardware",
"trust": 0.8,
"url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Patch for DeltaV Multiple Product Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23447"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49210"
},
{
"trust": 1.0,
"url": "http://osvdb.org/82012"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/53591"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1816"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1816"
},
{
"trust": 0.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19718"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"date": "2012-05-16T00:00:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"date": "2012-05-18T06:07:17",
"db": "PACKETSTORM",
"id": "112840"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"date": "2012-06-08T18:55:01.610000",
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2639"
},
{
"date": "2012-05-30T22:50:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002655"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-320"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1816"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson of DeltaV Product PORTSERV.exe Service disruption in ( Daemon crash ) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002655"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "c50f1cce-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-320"
}
],
"trust": 0.8
}
}
VAR-201206-0261
Vulnerability from variot - Updated: 2025-04-11 22:53
An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
Note: only the first sentence is specific to this entry (CVE-2012-1818); the text that follows is the shared advisory for the whole group of DeltaV issues reported together, so the impacts it lists are not all attributable to this CVE.
----------------------------------------------------------------------
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DISCUSS ADVISORY: http://secunia.com/advisories/49210/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications: * DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 * DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "5"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav proessentials scientific graph",
"version": "5.0.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute.",
"sources": [
{
"db": "BID",
"id": "53591"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1818",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-1818",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1818",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1818",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-322",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n3) An error within PORTSERV.exe can be exploited to cause a crash via\na specially crafted packet sent to TCP or UDP port 111. \n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1818"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "112840"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1818",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-138-01",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "49210",
"trust": 1.8
},
{
"db": "BID",
"id": "53591",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "82014",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-2643",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-322",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-137-01",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19718",
"trust": 0.6
},
{
"db": "IVD",
"id": "C4F6A3C4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "112840",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"id": "VAR-201206-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
}
],
"trust": 1.6067765666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
}
]
},
"last_update_date": "2025-04-11T22:53:41.863000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Workstation Hardware",
"trust": 0.8,
"url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "DeltaV Multiple Product File Operation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23448"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49210"
},
{
"trust": 1.0,
"url": "http://osvdb.org/82014"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/53591"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1818"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1818"
},
{
"trust": 0.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19718"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"date": "2012-05-16T00:00:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"date": "2012-05-18T06:07:17",
"db": "PACKETSTORM",
"id": "112840"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"date": "2012-06-08T18:55:01.707000",
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2643"
},
{
"date": "2012-05-30T22:50:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002657"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-322"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1818"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DeltaV Multiple Product File Operation Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "c4f6a3c4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2643"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-322"
}
],
"trust": 0.6
}
}
VAR-201206-0260
Vulnerability from variot - Updated: 2025-04-11 22:53
Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. Taken together, exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible.
----------------------------------------------------------------------
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DISCUSS ADVISORY: http://secunia.com/advisories/49210/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49210/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications: * DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 * DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "5"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav proessentials scientific graph",
"version": "5.0.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute.",
"sources": [
{
"db": "BID",
"id": "53591"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-1817",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-1817",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-321",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n3) An error within PORTSERV.exe can be exploited to cause a crash via\na specially crafted packet sent to TCP or UDP port 111. \n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1817"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "112840"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1817",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-138-01",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "49210",
"trust": 1.8
},
{
"db": "BID",
"id": "53591",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "82013",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-2641",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-137-01",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19718",
"trust": 0.6
},
{
"db": "IVD",
"id": "C502EB7A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "112840",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"id": "VAR-201206-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
}
],
"trust": 1.6067765666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
}
]
},
"last_update_date": "2025-04-11T22:53:41.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Workstation Hardware",
"trust": 0.8,
"url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49210"
},
{
"trust": 1.0,
"url": "http://osvdb.org/82013"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/53591"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1817"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1817"
},
{
"trust": 0.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19718"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"date": "2012-05-16T00:00:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"date": "2012-05-18T06:07:17",
"db": "PACKETSTORM",
"id": "112840"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"date": "2012-06-08T18:55:01.657000",
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"date": "2012-05-30T22:50:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002656"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-321"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DeltaV Multiple Product Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2641"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c502eb7a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-321"
}
],
"trust": 0.8
}
}
VAR-201206-0257
Vulnerability from variot - Updated: 2025-04-11 22:53
Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Emerson Electric is a diversified global manufacturer that provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. Cross-site scripting vulnerabilities in multiple Emerson Electric DeltaV products allow an attacker to build a malicious web page, entice a user to open it, and then obtain sensitive information or hijack the user's session. Multiple DeltaV Products are prone to multiple remote vulnerabilities; the impacts listed next cover all of the issues in the Secunia advisory quoted below, not only this XSS flaw. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer), or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
TITLE: DeltaV Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49210
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
RELEASE DATE: 2012-05-17
DISCUSS ADVISORY: http://secunia.com/advisories/49210/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49210/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49210
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error within PORTSERV.exe can be exploited to cause a crash via a specially crafted packet sent to TCP or UDP port 111.
4) An error within the processing of certain fields in project files can be exploited to cause a buffer overflow via a specially crafted project file.
5) An insecure method within an ActiveX control can be exploited to overwrite arbitrary files.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in the following applications: * DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and 11.3.1 * DeltaV ProEssentials Scientific Graph version 5.0.0.6
SOLUTION: Apply hotfix (please contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute.
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "9.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 1.6,
"vendor": "emerson",
"version": "10.3.1"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "5"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "11"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "10"
},
{
"model": "electric co deltav workstations",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "9"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": "deltav proessentials scientific graph",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v5.0.0.6"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v10.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v11.3 and v11.3.1"
},
{
"model": "deltav workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "v9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav proessentials scientific graph",
"version": "5.0.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "9.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "10.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav workstation",
"version": "11.3.1"
}
],
"sources": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_proessentials_scientific_graph",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emerson:deltav_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung of Security Research and Service Institute.",
"sources": [
{
"db": "BID",
"id": "53591"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1814",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c52838a8-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1814",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1814",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Emerson Electric is a diversified global manufacturer. Provides network energy, process management, industrial automation, environmental optimization technology, tools and storage. There are cross-site scripting vulnerabilities in multiple Emerson Electric DeltaV products that allow an attacker to exploit a vulnerability to build a malicious web page, entice a user to resolve, obtain sensitive information, or hijack a user session. Multiple DeltaV Products are prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim\u0027s computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDeltaV Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49210\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49210/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nRELEASE DATE:\n2012-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49210/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49210/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in DeltaV products, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks, SQL injection attacks, cause a DoS (Denial of Service), and\ncompromise a vulnerable system. \n\n1) Certain unspecified input is not properly sanitised before being\nreturned to the user. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \n\n2) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. 
\n\n3) An error within PORTSERV.exe can be exploited to cause a crash via\na specially crafted packet sent to TCP or UDP port 111. \n\n4) An error within the processing of certain fields in project files\ncan be exploited to cause a buffer overflow via a specially crafted\nproject file. \n\n5) An insecure method within an ActiveX control can be exploited to\noverwrite arbitrary files. \n\nSuccessful exploitation of vulnerabilities #4 and #5 may allow\nexecution of arbitrary code. \n\nThe vulnerabilities are reported in the following applications:\n* DeltaV and DeltaV Workstations versions 9.3.1, 10.3.1, 11.3, and\n11.3.1\n* DeltaV ProEssentials Scientific Graph version 5.0.0.6\n\nSOLUTION:\nApply hotfix (please contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Security Research and Service\nInstitute. \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1814"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "112840"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1814",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-138-01",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "49210",
"trust": 1.8
},
{
"db": "BID",
"id": "53591",
"trust": 1.3
},
{
"db": "OSVDB",
"id": "81996",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-2636",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-318",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-137-01",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19718",
"trust": 0.6
},
{
"db": "IVD",
"id": "C52838A8-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "112840",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"id": "VAR-201206-0257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
}
],
"trust": 1.6067765666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
}
]
},
"last_update_date": "2025-04-11T22:53:41.783000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Workstation Hardware",
"trust": 0.8,
"url": "http://www2.emersonprocess.com/siteadmincenter/PM%20DeltaV%20Documents/ProductDataSheets/PDS_WkstationHdware.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emerson.com/en-US/Pages/default.aspx"
},
{
"title": "\u65e5\u672c\u30a8\u30de\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.emerson.co.jp/index.html"
},
{
"title": "\u5206\u6563\u578b\u5236\u5fa1\u30b7\u30b9\u30c6\u30e0\uff08DCS\uff09 DeltaV\u30b7\u30b9\u30c6\u30e0",
"trust": 0.8,
"url": "http://www.emerson.co.jp/div/epm/product5_1.html"
},
{
"title": "Patch for cross-site scripting vulnerabilities in multiple DeltaV products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23443"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-138-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49210"
},
{
"trust": 1.0,
"url": "http://osvdb.org/81996"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/53591"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1814"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1814"
},
{
"trust": 0.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-137-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19718"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/deltav/pages/index.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49210/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49210"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"db": "BID",
"id": "53591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"db": "PACKETSTORM",
"id": "112840"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"date": "2012-05-16T00:00:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"date": "2012-05-18T06:07:17",
"db": "PACKETSTORM",
"id": "112840"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"date": "2012-06-08T18:55:01.503000",
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2636"
},
{
"date": "2012-05-30T22:50:00",
"db": "BID",
"id": "53591"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002653"
},
{
"date": "2012-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-318"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DeltaV Multiple Product Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c52838a8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2636"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-318"
}
],
"trust": 0.6
}
}
VAR-201901-0856
Vulnerability from variot - Updated: 2024-11-23 22:48
A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. Emerson DeltaV DCS contains vulnerabilities related to authorization, permissions, and access control. As a result, service operation may be interrupted (DoS). The Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson Electric. The system includes network security management, alarm management, batch control and change management. Emerson DeltaV is prone to an authentication-bypass vulnerability. DeltaV Distributed Control System 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0856",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "11.3.2"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "gte",
"trust": 1.0,
"vendor": "emerson",
"version": "r5.1"
},
{
"model": "deltav",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "r6"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "14.3"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "11.3.2"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "14.3"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "r5.1"
},
{
"model": "deltav distributed control system",
"scope": "lte",
"trust": 0.8,
"vendor": "emerson",
"version": "r6"
},
{
"model": "electric deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "electric deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.2"
},
{
"model": "electric deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "electric deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "electric deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "14.3"
},
{
"model": "electric deltav distributed control system r5.1",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "electric deltav distributed control system \u003c=r6",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "deltav r6",
"scope": null,
"trust": 0.3,
"vendor": "emerson",
"version": null
},
{
"model": "deltav r5.1",
"scope": null,
"trust": 0.3,
"vendor": "emerson",
"version": null
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "14.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "11.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "13.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "14.3"
},
{
"model": "r5.1",
"scope": null,
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "BID",
"id": "106522"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav_distributed_control_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Nochvay of Kaspersky Lab",
"sources": [
{
"db": "BID",
"id": "106522"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
}
],
"trust": 0.9
},
"cve": "CVE-2018-19021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-19021",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-01681",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-19021",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19021",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19021",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-19021",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-01681",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-433",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
},
{
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service. Emerson DeltaV DCS contains vulnerabilities related to authorization, permissions, and access control. As a result, service operation may be interrupted (DoS). The Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson Electric. The system includes network security management, alarm management, batch control and change management. Emerson DeltaV is prone to an authentication-bypass vulnerability. \nDeltaV Distributed Control System 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "BID",
"id": "106522"
},
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19021",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-010-01",
"trust": 2.7
},
{
"db": "BID",
"id": "106522",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2019-01681",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D84CD0F-463F-11E9-95FB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "BID",
"id": "106522"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
},
{
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"id": "VAR-201901-0856",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
}
]
},
"last_update_date": "2024-11-23T22:48:30.705000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Distributed Control System",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/automation/control-and-safety-systems/distributed-control-systems-dcs/deltav-distributed-control-system"
},
{
"title": "Emerson DeltaV Distributed Control System Authentication Vulnerability Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/150173"
},
{
"title": "Emerson DeltaV Distributed Control System Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88591"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-010-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/106522"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19021"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19021"
},
{
"trust": 0.3,
"url": "http://emerson.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "BID",
"id": "106522"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
},
{
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"db": "BID",
"id": "106522"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
},
{
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"date": "2019-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"date": "2019-01-10T00:00:00",
"db": "BID",
"id": "106522"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"date": "2019-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-433"
},
{
"date": "2019-01-25T20:29:00.283000",
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-01681"
},
{
"date": "2019-01-10T00:00:00",
"db": "BID",
"id": "106522"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013887"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-433"
},
{
"date": "2024-11-21T03:57:10.977000",
"db": "NVD",
"id": "CVE-2018-19021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV Distributed Control System Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d84cd0f-463f-11e9-95fb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-01681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-433"
}
],
"trust": 0.6
}
}
VAR-201808-0378
Vulnerability from variot - Updated: 2024-11-23 21:52
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Emerson DeltaV DCS contains vulnerabilities related to authorization, permissions, and access control. As a result, information may be obtained or altered, and service operation may be disrupted (DoS). Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric DeltaV. 1. An arbitrary-code-execution vulnerability 2. Multiple security-bypass vulnerabilities 3. A stack-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 1.4,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 1.4,
"vendor": "emerson",
"version": "13.3.0"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 1.4,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 1.4,
"vendor": "emerson",
"version": "r5"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "13.3"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.3,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.0,
"vendor": "emerson",
"version": "r5"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "12.3.15"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v11.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v12.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.0"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.1"
},
{
"model": "electric deltav r5",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "13.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "13.3.1"
},
{
"model": "r5",
"scope": null,
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav_distributed_control_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ori Perez of CyberX, Younes Dragoni of Nozomi Networks, and Emerson.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14791",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-15737",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-14791",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14791",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14791",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-15737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-564",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Emerson DeltaV DCS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric Deltav. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A stack-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14791",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-228-01",
"trust": 3.3
},
{
"db": "BID",
"id": "105105",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-15737",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F8391F-39AB-11E9-8A62-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"id": "VAR-201808-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
}
],
"trust": 1.7423076800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
}
]
},
"last_update_date": "2024-11-23T21:52:56.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV Distributed Control System",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/automation/control-and-safety-systems/distributed-control-systems-dcs/deltav-distributed-control-system"
},
{
"title": "Emerson Electric DeltaV Rights Management Patch for Vulnerable Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138023"
},
{
"title": "Emerson Electric DeltaV Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84152"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14791"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14791"
},
{
"trust": 0.3,
"url": "http://emerson.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "IVD",
"id": "e2f8391f-39ab-11e9-8a62-000c29342cb1"
},
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"date": "2018-08-23T19:29:00.907000",
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15737"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009547"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-564"
},
{
"date": "2024-11-21T03:49:48.110000",
"db": "NVD",
"id": "CVE-2018-14791"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV DCS Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009547"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-564"
}
],
"trust": 0.6
}
}
VAR-201808-0381
Vulnerability from variot - Updated: 2024-11-23 21:52
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. Emerson DeltaV DCS contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security vulnerability in Emerson Electric DeltaV. The numbered list that follows appears to be a combined summary shared with related DeltaV entries rather than a description of this issue alone. Emerson DeltaV is prone to the following security vulnerabilities: 1. An arbitrary-code-execution vulnerability. 2. Multiple security-bypass vulnerabilities. 3. A stack-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 2.1,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.1,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.1,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.8,
"vendor": "emerson",
"version": "13.3.0"
},
{
"model": "deltav",
"scope": "eq",
"trust": 1.8,
"vendor": "emerson",
"version": "r5"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v11.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v12.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.0"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.1"
},
{
"model": "electric deltav r5",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "13.3.0"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "r5"
},
{
"model": "deltav distributed control system",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "13.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "13.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": "13.3.1"
},
{
"model": "r5",
"scope": null,
"trust": 0.2,
"vendor": "deltav distributed control system",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14797",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14797",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-15735",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2f88740-39ab-11e9-99de-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-14797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14797",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14797",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-15735",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-562",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. Emerson DeltaV DCS Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. There is a security hole in Emerson Electric Deltav. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A stack-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14797"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14797",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-228-01",
"trust": 3.3
},
{
"db": "BID",
"id": "105105",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2018-15735",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F88740-39AB-11E9-99DE-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"id": "VAR-201808-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
}
],
"trust": 1.7423076800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
}
]
},
"last_update_date": "2024-11-23T21:52:56.244000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/automation/deltav"
},
{
"title": "Emerson Electric Deltav Uncontrolled Search Path Element Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138019"
},
{
"title": "Emerson Electric Deltav Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84150"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14797"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14797"
},
{
"trust": 0.3,
"url": "http://emerson.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"date": "2018-08-23T19:29:01.017000",
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15735"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009508"
},
{
"date": "2022-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-562"
},
{
"date": "2024-11-21T03:49:48.897000",
"db": "NVD",
"id": "CVE-2018-14797"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Electric Deltav Uncontrolled Search Path Element Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2f88740-39ab-11e9-99de-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-562"
}
],
"trust": 0.8
}
}
VAR-201808-0379
Vulnerability from variot - Updated: 2024-11-23 21:52
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable to a buffer overflow that can be exploited through an open communication port to allow arbitrary code execution. DeltaV contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A stack buffer overflow vulnerability exists in Emerson Electric DeltaV. Emerson DeltaV is prone to the following security vulnerabilities: 1. An arbitrary-code-execution vulnerability. 2. Multiple security-bypass vulnerabilities. 3. A stack-based buffer-overflow vulnerability. Failed exploit attempts will likely result in denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0379",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.4,
"vendor": "emerson",
"version": "13.3.0"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.4,
"vendor": "emerson",
"version": "r5"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v11.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v12.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.0"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.1"
},
{
"model": "electric deltav r5",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "13.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "13.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "13.3.1"
},
{
"model": "r5",
"scope": null,
"trust": 0.2,
"vendor": "deltav",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-14793",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-15738",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-14793",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14793",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14793",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-15738",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-565",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. DeltaV Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A stack buffer overflow vulnerability exists in Emerson Electric Deltav. Emerson DeltaV is prone to the following multiple security vulnerabilities:\n1. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. Failed exploit attempts will likely result in denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14793",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-228-01",
"trust": 3.3
},
{
"db": "BID",
"id": "105105",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2018-15738",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F7EB01-39AB-11E9-8366-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"id": "VAR-201808-0379",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
}
],
"trust": 1.7423076800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
}
]
},
"last_update_date": "2024-11-23T21:52:56.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.emerson.co.jp/ja-jp"
},
{
"title": "Emerson Electric DeltaV Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138027"
},
{
"title": "Emerson Electric DeltaV Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84153"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14793"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14793"
},
{
"trust": 0.3,
"url": "http://emerson.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"date": "2018-08-21T14:29:00.983000",
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15738"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009188"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-565"
},
{
"date": "2024-11-21T03:49:48.380000",
"db": "NVD",
"id": "CVE-2018-14793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Electric DeltaV Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15738"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f7eb01-39ab-11e9-8366-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-565"
}
],
"trust": 0.8
}
}
VAR-201808-0380
Vulnerability from variot - Updated: 2024-11-23 21:52

DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files. DeltaV contains a path traversal vulnerability. Information may be obtained or falsified, and a denial of service (DoS) may result. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A path traversal vulnerability exists in Emerson Electric DeltaV that stems from a program failing to validate the path. An attacker could exploit the vulnerability to replace the executable.

The remainder appears to be the aggregated summary for BID 105105 (listed among this record's sources), which covers several DeltaV issues rather than this CVE alone: Emerson DeltaV is prone to the following multiple security vulnerabilities:
1. An arbitrary-code-execution vulnerability
2. Multiple security-bypass vulnerabilities
3. A stack-based buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "13.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "11.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.7,
"vendor": "emerson",
"version": "12.3.1"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.4,
"vendor": "emerson",
"version": "13.3.0"
},
{
"model": "deltav",
"scope": "eq",
"trust": 2.4,
"vendor": "emerson",
"version": "r5"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v11.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v12.3.1"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.0"
},
{
"model": "electric deltav",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "v13.3.1"
},
{
"model": "electric deltav r5",
"scope": null,
"trust": 0.6,
"vendor": "emerson",
"version": null
},
{
"model": "deltav",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "13.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "11.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "12.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "13.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "deltav",
"version": "13.3.1"
},
{
"model": "r5",
"scope": null,
"trust": 0.2,
"vendor": "deltav",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:deltav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ori Perez of CyberX,Younes Dragoni of Nozomi Networks, and Emerson.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-14795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-15736",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-14795",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14795",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14795",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-15736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-563",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. DeltaV Contains a path traversal vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Emerson Electric DeltaV is a digital automation system from Emerson Electric. The system provides I/O on-demand configuration, embedded intelligent control and alarm panel functions. A path traversal vulnerability exists in Emerson Electric Deltav that stems from a program failing to validate the path. An attacker could exploit the vulnerability to replace the executable. Emerson DeltaV is prone to the following multiple security vulnerabilities:\n1. An arbitrary-code-execution vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A stack-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14795"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14795",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-228-01",
"trust": 3.3
},
{
"db": "BID",
"id": "105105",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2018-15736",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F86030-39AB-11E9-8C98-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"id": "VAR-201808-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
}
],
"trust": 1.7423076800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
}
]
},
"last_update_date": "2024-11-23T21:52:55.802000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DeltaV",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/automation/deltav"
},
{
"title": "Emerson Electric Deltav Path Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138021"
},
{
"title": "Emerson Electric Deltav Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84151"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
},
{
"problemtype": "CWE-23",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-228-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14795"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14795"
},
{
"trust": 0.3,
"url": "http://emerson.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "BID",
"id": "105105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"date": "2018-08-21T14:29:01.357000",
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105105"
},
{
"date": "2018-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009283"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-563"
},
{
"date": "2024-11-21T03:49:48.643000",
"db": "NVD",
"id": "CVE-2018-14795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Electric Deltav Path traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15736"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "e2f86030-39ab-11e9-8c98-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-563"
}
],
"trust": 0.8
}
}
CVE-2021-44463 (GCVE-0-2021-44463)
Vulnerability from nvd – Published: 2022-01-28 19:09 – Updated: 2025-04-17 15:51
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-44463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:30:28.054050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:51:38.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:50.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
],
"source": {
"advisory": "ICSA-21-355-04",
"discovery": "UNKNOWN"
},
"title": "Emerson DeltaV Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T15:34:00.000Z",
"ID": "CVE-2021-44463",
"STATE": "PUBLIC",
"TITLE": "Emerson DeltaV Uncontrolled Search Path Element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
]
},
"solution": [
{
"lang": "en"
}
],
"source": {
"advisory": "ICSA-21-355-04",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-44463",
"datePublished": "2022-01-28T19:09:50.632Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-17T15:51:38.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19021 (GCVE-0-2018-19021)
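Vulnerability from nvd – Published: 2019-01-25 20:00 – Updated: 2024-09-17 03:52
- CWE-307 - Authentication Bypass CWE-307
Note: MITRE catalogues CWE-307 as Improper Restriction of Excessive Authentication Attempts; "Authentication Bypass" is the label supplied in the CNA container of this record.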
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version |
|---|---|---|
| Emerson | Emerson DeltaV | Affected: DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson DeltaV",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior."
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Authentication Bypass CWE-307",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-26T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-19021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson DeltaV",
"version": {
"version_data": [
{
"version_value": "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior."
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-19021",
"datePublished": "2019-01-25T20:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-17T03:52:35.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14797 (GCVE-0-2018-14797)
Vulnerability from nvd – Published: 2018-08-23 19:00 – Updated: 2024-09-17 04:19
- CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version |
|---|---|---|
| Emerson | DeltaV DCS | Affected: v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV DCS",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV DCS",
"version": {
"version_data": [
{
"version_value": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14797",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T04:19:50.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14791 (GCVE-0-2018-14791)
Vulnerability from nvd – Published: 2018-08-23 19:00 – Updated: 2024-09-16 22:51
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
| Vendor | Product | Version |
|---|---|---|
| Emerson | DeltaV DCS | Affected: v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV DCS",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV DCS",
"version": {
"version_data": [
{
"version_value": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14791",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T22:51:13.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14795 (GCVE-0-2018-14795)
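Vulnerability from nvd – Published: 2018-08-21 14:00 – Updated: 2024-09-16 20:26
- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23
Note: the `affected` entry of this record names the vendor as "ICS-CERT" (the assigning organisation) rather than Emerson, so inventory matching keyed on the vendor field may not associate it with Emerson DeltaV.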
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV",
"version": {
"version_data": [
{
"version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14795",
"datePublished": "2018-08-21T14:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T20:26:38.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14793 (GCVE-0-2018-14793)
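Vulnerability from nvd – Published: 2018-08-21 14:00 – Updated: 2024-09-16 23:46
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Note: the `affected` entry of this record names the vendor as "ICS-CERT" (the assigning organisation) rather than Emerson, so inventory matching keyed on the vendor field may not associate it with Emerson DeltaV.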
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV",
"version": {
"version_data": [
{
"version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14793",
"datePublished": "2018-08-21T14:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T23:46:15.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9345 (GCVE-0-2016-9345)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
- Emerson DeltaV Easy Security Management Application Vulnerability
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
| Vendor | Product | Version |
|---|---|---|
| n/a | Emerson DeltaV Easy Security Management through 13.3 | Affected: Emerson DeltaV Easy Security Management through 13.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02"
},
{
"name": "105767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "94584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson DeltaV Easy Security Management through 13.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Emerson DeltaV Easy Security Management through 13.3"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Emerson DeltaV Easy Security Management Application Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02"
},
{
"name": "105767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "94584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson DeltaV Easy Security Management through 13.3",
"version": {
"version_data": [
{
"version_value": "Emerson DeltaV Easy Security Management through 13.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Emerson DeltaV Easy Security Management Application Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02"
},
{
"name": "105767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "94584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9345",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2350 (GCVE-0-2014-2350)
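Vulnerability from nvd – Published: 2014-05-22 20:00 – Updated: 2025-10-31 22:55
Note: the `x_legacyV4Record` embedded in this record carries the ID CVE-2014-2349 and a description of local configuration-file access, not the hardcoded-credentials issue described in the CNA container. The CVSS v2 vector is also local (AV:L), although the description refers to remote attackers over a TCP session; confirm the severity against advisory ICSA-14-133-02 when prioritising.
{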
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DeltaV",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "11.3"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "12.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov of Positive Technologies"
}
],
"datePublic": "2014-05-22T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.\n\n\u003c/p\u003e"
}
],
"value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T22:55:07.498Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Emerson has created a patch to mitigate these vulnerabilities. Emerson \nhas distributed a notification (KBA NK-1400-0031) that provides details \nof the vulnerabilities, recommended mitigations, and instructions on \nobtaining and installing the patch. This document is available on \nEmerson\u2019s support site to users who have support contracts with Emerson.\n If you do not have access to this site and need to apply the patch, \nplease contact customer service at 1\u2011800\u2011833\u20118314.\n\n\u003cbr\u003e"
}
],
"value": "Emerson has created a patch to mitigate these vulnerabilities. Emerson \nhas distributed a notification (KBA NK-1400-0031) that provides details \nof the vulnerabilities, recommended mitigations, and instructions on \nobtaining and installing the patch. This document is available on \nEmerson\u2019s support site to users who have support contracts with Emerson.\n If you do not have access to this site and need to apply the patch, \nplease contact customer service at 1\u2011800\u2011833\u20118314."
}
],
"source": {
"advisory": "ICSA-14-133-02",
"discovery": "UNKNOWN"
},
"title": "Emerson DeltaV Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2350",
"datePublished": "2014-05-22T20:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-31T22:55:07.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-44463 (GCVE-0-2021-44463)
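Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2025-04-17 15:51
- n/a
Note: the CNA container lists vendor, product and version as "n/a" and gives no CWE; the weakness class (CWE-427) appears only in the CISA ADP container, and the affected product (DeltaV Distributed Control System Controllers and Workstations, all versions) is named only in the description text. Matching on the structured `affected` fields alone will not associate this record with DeltaV.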
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-44463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:30:28.054050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:51:38.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."
}
],
"datePublic": "2021-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T19:09:50.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
],
"source": {
"advisory": "ICSA-21-355-04",
"discovery": "UNKNOWN"
},
"title": "Emerson DeltaV Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T15:34:00.000Z",
"ID": "CVE-2021-44463",
"STATE": "PUBLIC",
"TITLE": "Emerson DeltaV Uncontrolled Search Path Element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
]
},
"solution": [
{
"lang": "en"
}
],
"source": {
"advisory": "ICSA-21-355-04",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-44463",
"datePublished": "2022-01-28T19:09:50.632Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-04-17T15:51:38.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19021 (GCVE-0-2018-19021)
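Vulnerability from cvelistv5 – Published: 2019-01-25 20:00 – Updated: 2024-09-17 03:52

- CWE-307 - Authentication Bypass CWE-307 (the "Authentication Bypass" label is the CVE record's own wording; MITRE's catalogue name for CWE-307 is "Improper Restriction of Excessive Authentication Attempts")

| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106522 | vdb-entry, x_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Emerson | Emerson DeltaV | Affected: DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior. |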
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson DeltaV",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior."
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Authentication Bypass CWE-307",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-26T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-19021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson DeltaV",
"version": {
"version_data": [
{
"version_value": "DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior."
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106522"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-19021",
"datePublished": "2019-01-25T20:00:00Z",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-09-17T03:52:35.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14791 (GCVE-0-2018-14791)
Vulnerability from cvelistv5 – Published: 2018-08-23 19:00 – Updated: 2024-09-16 22:51

- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID |

| Vendor | Product | Version |
|---|---|---|
| Emerson | DeltaV DCS | Affected: v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV DCS",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV DCS",
"version": {
"version_data": [
{
"version_value": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14791",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T22:51:13.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14797 (GCVE-0-2018-14797)
Vulnerability from cvelistv5 – Published: 2018-08-23 19:00 – Updated: 2024-09-17 04:19

- CWE-427 - UNCONTROLLED SEARCH PATH ELEMENT CWE-427

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID |

| Vendor | Product | Version |
|---|---|---|
| Emerson | DeltaV DCS | Affected: v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV DCS",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV DCS",
"version": {
"version_data": [
{
"version_value": "v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14797",
"datePublished": "2018-08-23T19:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T04:19:50.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14793 (GCVE-0-2018-14793)
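Vulnerability from cvelistv5 – Published: 2018-08-21 14:00 – Updated: 2024-09-16 23:46

- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID |

Note: the record's `affected` entry below gives the vendor as "ICS-CERT" (the assigning CNA) and the product as "DeltaV", so vendor-name filters keyed on "Emerson" may miss this record; matching on the product name or on advisory ICSA-18-228-01 is more reliable.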
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV",
"version": {
"version_data": [
{
"version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14793",
"datePublished": "2018-08-21T14:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T23:46:15.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14795 (GCVE-0-2018-14795)
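Vulnerability from cvelistv5 – Published: 2018-08-21 14:00 – Updated: 2024-09-16 20:26

- CWE-23 - RELATIVE PATH TRAVERSAL CWE-23

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105105 | vdb-entry, x_refsource_BID |

Note: the record's `affected` entry below gives the vendor as "ICS-CERT" (the assigning CNA) and the product as "DeltaV", so vendor-name filters keyed on "Emerson" may miss this record; matching on the product name or on advisory ICSA-18-228-01 is more reliable.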
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DeltaV",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "RELATIVE PATH TRAVERSAL CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-14795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DeltaV",
"version": {
"version_data": [
{
"version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
},
{
"name": "105105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14795",
"datePublished": "2018-08-21T14:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T20:26:38.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9345 (GCVE-0-2016-9345)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50

- Emerson DeltaV Easy Security Management Application Vulnerability

| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105767 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/94584 | vdb-entry, x_refsource_BID |

| Vendor | Product | Version |
|---|---|---|
| n/a | Emerson DeltaV Easy Security Management through 13.3 | Affected: Emerson DeltaV Easy Security Management through 13.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02"
},
{
"name": "105767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "94584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emerson DeltaV Easy Security Management through 13.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Emerson DeltaV Easy Security Management through 13.3"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Emerson DeltaV Easy Security Management Application Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02"
},
{
"name": "105767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "94584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94584"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emerson DeltaV Easy Security Management through 13.3",
"version": {
"version_data": [
{
"version_value": "Emerson DeltaV Easy Security Management through 13.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Emerson DeltaV Easy Security Management Application Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02"
},
{
"name": "105767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "94584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94584"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9345",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}