本ページは emerson deltav_distributed_control_system に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-29965 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup tabl | [email protected] | 5.5 | 0.17% | 2022-07-26 | 2026-06-17 |
| CVE-2022-29957 | The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker | [email protected] | 7.8 | 0.21% | 2022-07-26 | 2026-06-17 |
| CVE-2021-26264 | A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition. | [email protected] | 6.1 | 0.19% | 2022-01-28 | 2026-06-16 |