{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DeltaV", "vendor": "Emerson", "versions": [{"status": "affected", "version": "10.3.1"}, {"status": "affected", "version": "11.3"}, {"status": "affected", "version": "11.3.1"}, {"status": "affected", "version": "12.3"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov, and Timur Yunusov of Positive Technologies"}], "datePublic": "2014-05-22T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\nEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.\n\n</p>"}], "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-31T22:55:07.498Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Emerson has created a patch to mitigate these vulnerabilities. Emerson \nhas distributed a notification (KBA NK-1400-0031) that provides details \nof the vulnerabilities, recommended mitigations, and instructions on \nobtaining and installing the patch. This document is available on \nEmerson\u2019s support site to users who have support contracts with Emerson.\n If you do not have access to this site and need to apply the patch, \nplease contact customer service at 1\u2011800\u2011833\u20118314.\n\n<br>"}], "value": "Emerson has created a patch to mitigate these vulnerabilities. Emerson \nhas distributed a notification (KBA NK-1400-0031) that provides details \nof the vulnerabilities, recommended mitigations, and instructions on \nobtaining and installing the patch. This document is available on \nEmerson\u2019s support site to users who have support contracts with Emerson.\n If you do not have access to this site and need to apply the patch, \nplease contact customer service at 1\u2011800\u2011833\u20118314."}], "source": {"advisory": "ICSA-14-133-02", "discovery": "UNKNOWN"}, "title": "Emerson DeltaV Use of Hard-coded Credentials", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2350", "datePublished": "2014-05-22T20:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-31T22:55:07.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emerson:deltav:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E005DD9A-07FB-4DE2-810B-372E62A091B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:emerson:deltav:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0123046-D89E-4FBB-9176-C04E0C65E9AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:emerson:deltav:11.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "943B3480-56C4-4131-BE8F-62FE035D4619", "vulnerable": true}, {"criteria": "cpe:2.3:a:emerson:deltav:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DA838B9-D68D-46FE-88A8-C0D1C3AC407C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program."}, {"lang": "es", "value": "Emerson DeltaV 10.3.1, 11.3, 11.3.1 y 12.3 utiliza credenciales embebidas para servicios diagn\u00f3sticos, lo que permite a atacantes remotos evadir restricciones de acceso a trav\u00e9s de una sesi\u00f3n TCP, tal y como fue demostrado por una sesi\u00f3n que utiliza el programa telnet."}], "id": "CVE-2014-2350", "lastModified": "2025-10-31T23:15:32.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-22T20:55:06.440", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-133-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}