CVE-2022-29965 - OpenCVE

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emerson	Deltav Distributed Control System Deltav Distributed Control System Sq Controller Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Deltav Distributed Control System Sx Controller Firmware Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block Se4002s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware Se4003s2b4 16-pin Mass I\/o Terminal Block Se4003s2b4 16-pin Mass I\/o Terminal Block Firmware Se4003s2b524-pin Mass I\/o Terminal Block Se4003s2b524-pin Mass I\/o Terminal Block Firmware Se4017p0 H1 I\/o Interface Card And Terminl Block Se4017p0 H1 I\/o Interface Card And Terminl Block Firmware Se4017p1 H1 I\/o Card With Integrated Power Se4017p1 H1 I\/o Card With Integrated Power Firmware Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Se4019p0 Simplex H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware Se4026 Virtual I\/o Module 2 Se4026 Virtual I\/o Module 2 Firmware Se4027 Virtual I\/o Module 2 Se4027 Virtual I\/o Module 2 Firmware Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Se4032s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware Se4037p0 H1 I\/o Interface Card And Terminl Block Se4037p0 H1 I\/o Interface Card And Terminl Block Firmware Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block Se4037p1 Redundant H1 I\/o Card With Integrated Power And Terminal Block Firmware Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Se4039p0 Redundant H1 4-port Plus Fieldbus I\/o Interface With Terminalblock Firmware Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block Se4052s1t2b6 High Side 40-pin Mass I\/o Terminal Block Firmware Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Se4082s1t2b8 High Side 40-pin Do Mass I\/o Terminal Block Firmware Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly Se4100 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly Se4101 Simplex Ethernet I\/o Card \(eioc\) Assembly Firmware Se4801t0x Redundant Wireless I\/o Card Se4801t0x Redundant Wireless I\/o Card Firmware Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\) Ve4103 Modbus Tcp Interface For Ethernet Connected I\/o \(eioc\) Firmware Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\) Ve4104 Ethernet\/ip Control Tag Integration For Ethernet Connected I\/o \(eioc\) Firmware Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\) Ve4105 Ethernet\/ip Interface For Ethernet Connected I\/o \(eioc\) Firmware Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\) Ve4106 Opc-ua Client For Ethernet Connected I\/o \(eioc\) Firmware Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\) Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/o \(eioc\) Firmware

Configuration 1 [-]

cpe:2.3:a:emerson:deltav_distributed_control_system:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:emerson:deltav_distributed_control_system_sq_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:deltav_distributed_control_system_sq_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:emerson:deltav_distributed_control_system_sx_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:deltav_distributed_control_system_sx_controller:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:emerson:se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:emerson:se4003s2b4_16-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4003s2b4_16-pin_mass_i\/o_terminal_block:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:emerson:se4003s2b524-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4003s2b524-pin_mass_i\/o_terminal_block:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:emerson:se4017p0_h1_i\/o_interface_card_and_terminl_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4017p0_h1_i\/o_interface_card_and_terminl_block:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:emerson:se4017p1_h1_i\/o_card_with_integrated_power_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4017p1_h1_i\/o_card_with_integrated_power:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:emerson:se4026_virtual_i\/o_module_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4026_virtual_i\/o_module_2:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:emerson:se4027_virtual_i\/o_module_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4027_virtual_i\/o_module_2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:emerson:se4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:emerson:se4037p0_h1_i\/o_interface_card_and_terminl_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4037p0_h1_i\/o_interface_card_and_terminl_block:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:emerson:se4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:emerson:se4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:emerson:se4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:emerson:se4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:emerson:se4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:emerson:se4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\/o_card_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\/o_card:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:emerson:ve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:ve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\):-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:emerson:ve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:ve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\):-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:emerson:ve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:ve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\):-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:emerson:ve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:ve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\):-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:emerson:ve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:emerson:ve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\):-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03
https://www.forescout.com/blog/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-26T21:14:24

Updated: 2024-08-03T06:33:43.166Z

Reserved: 2022-04-29T00:00:00

Link: CVE-2022-29965

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-26T22:15:11.183

Modified: 2023-01-24T16:06:41.127

Link: CVE-2022-29965

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object