{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53471", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-06-30T14:34:56.244Z", "datePublished": "2025-07-10T23:45:39.592Z", "dateUpdated": "2025-07-11T13:29:12.368Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ValveLink SOLO", "vendor": "Emerson", "versions": [{"lessThan": "ValveLink 14.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ValveLink DTM", "vendor": "Emerson", "versions": [{"lessThan": "ValveLink 14.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ValveLink PRM", "vendor": "Emerson", "versions": [{"lessThan": "ValveLink 14.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ValveLink SNAP-ON", "vendor": "Emerson", "versions": [{"lessThan": "ValveLink 14.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Emerson reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."}], "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-10T23:45:39.592Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"}, {"url": "https://www.emerson.com/en-us/support/security-notifications"}, {"url": "https://www.emerson.com/en-us/support/software-downloads-drivers"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\">website</a>&nbsp;.<p>For more information see the associated <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\">Emerson security notification.</a></p>\n\n<br>"}], "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated Emerson security notification. https://www.emerson.com/en-us/support/security-notifications"}], "source": {"advisory": "ICSA-25-189-01", "discovery": "INTERNAL"}, "title": "Emerson ValveLink Products Improper Input Validation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T13:29:05.416717Z", "id": "CVE-2025-53471", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:29:12.368Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T13:29:05.416717Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:29:09.642Z"}}], "cna": {"title": "Emerson ValveLink Products Improper Input Validation", "source": {"advisory": "ICSA-25-189-01", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Emerson reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Emerson", "product": "ValveLink SOLO", "versions": [{"status": "affected", "version": "0", "lessThan": "ValveLink 14.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Emerson", "product": "ValveLink DTM", "versions": [{"status": "affected", "version": "0", "lessThan": "ValveLink 14.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Emerson", "product": "ValveLink PRM", "versions": [{"status": "affected", "version": "0", "lessThan": "ValveLink 14.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Emerson", "product": "ValveLink SNAP-ON", "versions": [{"status": "affected", "version": "0", "lessThan": "ValveLink 14.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson website https://www.emerson.com/en-us/support/software-downloads-drivers \u00a0.For more information see the associated Emerson security notification. https://www.emerson.com/en-us/support/security-notifications", "supportingMedia": [{"type": "text/html", "value": "Emerson recommends users update their Valvelink software to ValveLink \n14.0 or later. The upgrade can be downloaded from the Emerson <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/software-downloads-drivers\">website</a>&nbsp;.<p>For more information see the associated <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.emerson.com/en-us/support/security-notifications\">Emerson security notification.</a></p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"}, {"url": "https://www.emerson.com/en-us/support/security-notifications"}, {"url": "https://www.emerson.com/en-us/support/software-downloads-drivers"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly.", "supportingMedia": [{"type": "text/html", "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-10T23:45:39.592Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53471", "state": "PUBLISHED", "dateUpdated": "2025-07-11T13:29:12.368Z", "dateReserved": "2025-06-30T14:34:56.244Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-07-10T23:45:39.592Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Emerson ValveLink products \nreceive input or data, but it do not validate or incorrectly \nvalidates that the input has the properties that are required to process\n the data safely and correctly."}, {"lang": "es", "value": "Los productos Emerson ValveLink reciben entradas o datos, pero no validan o validan incorrectamente que la entrada tenga las propiedades necesarias para procesar los datos de forma segura y correcta."}], "id": "CVE-2025-53471", "lastModified": "2025-07-15T13:14:49.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-07-11T00:15:26.933", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.emerson.com/en-us/support/security-notifications"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.emerson.com/en-us/support/software-downloads-drivers"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"created": "2025-07-13T11:06:13.820500+00:00", "updated": "2025-07-13T11:06:13.820562+00:00", "vendors": ["emerson", "emerson$PRODUCT$valvelink"]}