Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-3088 Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
Fixes

Solution

Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area. Please send any questions via a SupportNet ticket or by contacting Emerson at US 800-537-9313. For users outside of the United States, please use international toll-free numbers.


Workaround

No workaround given by the vendor.

History

Wed, 16 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-04-16T16:44:20.840Z

Reserved: 2020-03-16T00:00:00.000Z

Link: CVE-2020-10640

cve-icon Vulnrichment

Updated: 2024-08-04T11:06:10.616Z

cve-icon NVD

Status : Modified

Published: 2022-02-24T19:15:08.707

Modified: 2024-11-21T04:55:45.277

Link: CVE-2020-10640

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.