Emerson ValveLink Products store
sensitive information in cleartext within a resource that might be accessible to another control sphere.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-21095 Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
Fixes

Solution

Emerson recommends users update their Valvelink software to ValveLink 14.0 or later. The upgrade can be downloaded from the Emerson website https://www.emerson.com/en-us/support/software-downloads-drivers  .For more information see the associated Emerson security notification. https://www.emerson.com/en-us/support/security-notifications


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 8e-05}

epss

{'score': 6e-05}


Fri, 11 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 8e-05}


Fri, 11 Jul 2025 00:00:00 +0000

Type Values Removed Values Added
Description Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
Title Emerson ValveLink Products Cleartext Storage of Sensitive Information in Memory
Weaknesses CWE-316
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-07-11T13:54:53.276Z

Reserved: 2025-06-30T14:34:56.221Z

Link: CVE-2025-50109

cve-icon Vulnrichment

Updated: 2025-07-11T13:54:50.255Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-11T00:15:26.090

Modified: 2025-07-15T13:14:49.980

Link: CVE-2025-50109

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:06:14Z