Filtered by vendor Emerson
Subscriptions
Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10967 | 1 Emerson | 2 Ovation Ocr400, Ovation Ocr400 Firmware | 2024-08-04 | 8.8 High |
| In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. | ||||
| CVE-2020-27254 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-08-04 | 7.5 High |
| Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | ||||
| CVE-2020-19419 | 1 Emerson | 2 Smart Wireless Gateway 1420, Smart Wireless Gateway 1420 Firmware | 2024-08-04 | 7.5 High |
| Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | ||||
| CVE-2020-19417 | 1 Emerson | 2 Wireless 1420 Gateway, Wireless 1420 Gateway Firmware | 2024-08-04 | 8.8 High |
| Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. | ||||
| CVE-2020-16235 | 1 Emerson | 1 Openenterprise Scada Server | 2024-08-04 | 3.8 Low |
| Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained. | ||||
| CVE-2020-12030 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more | 2024-08-04 | 10 Critical |
| There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | ||||
| CVE-2020-10640 | 1 Emerson | 1 Openenterprise Scada Server | 2024-08-04 | 10 Critical |
| Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | ||||
| CVE-2020-10636 | 1 Emerson | 1 Openenterprise Scada Server | 2024-08-04 | 6.5 Medium |
| Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained. | ||||
| CVE-2020-10632 | 1 Emerson | 1 Openenterprise Scada Server | 2024-08-04 | 8.8 High |
| Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner. | ||||
| CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-08-04 | 7.8 High |
| In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | ||||
| CVE-2020-6970 | 1 Emerson | 1 Openenterprise Scada Server | 2024-08-04 | 9.8 Critical |
| A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | ||||
| CVE-2021-45421 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2024-08-04 | 7.5 High |
| Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced | ||||
| CVE-2021-45420 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2024-08-04 | 9.8 Critical |
| Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced | ||||
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2024-08-04 | 9.8 Critical |
| Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | ||||
| CVE-2021-29298 | 1 Emerson | 1 Proficy Machine Edition | 2024-08-03 | 5.3 Medium |
| Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll". | ||||
| CVE-2021-29297 | 1 Emerson | 1 Proficy Machine Edition | 2024-08-03 | 5.3 Medium |
| Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll". | ||||
| CVE-2021-27465 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-08-03 | 6.1 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. | ||||
| CVE-2021-27457 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-08-03 | 7.5 High |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | ||||
| CVE-2021-27467 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-08-03 | 6.1 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product’s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2021-27463 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-08-03 | 5.3 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. | ||||