ID
VAR-202206-2263
CVE
CVE-2022-29962
TITLE
Hardcoded Credentials Usage Vulnerability in Multiple Emerson Products
Trust: 0.8
sources:
JVNDB: JVNDB-2022-018034
DESCRIPTION
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller firmware, SE4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Multiple Emerson products, including firmware, contain vulnerabilities related to the use of hard-coded credentials.Information may be obtained. Emerson DeltaV Distributed Control System
Trust: 1.71
sources:
NVD: CVE-2022-29962 //
JVNDB: JVNDB-2022-018034 //
VULMON: CVE-2022-29962
AFFECTED PRODUCTS
| vendor: | emerson | model: | se4017p1 h1 i\/o card with integrated power | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | ve4105 ethernet\/ip interface for ethernet connected i\/o \ | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4037p1 redundant h1 i\/o card with integrated power and terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4082s1t2b8 high side 40-pin do mass i\/o terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | ve4103 modbus tcp interface for ethernet connected i\/o \ | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | ve4107 iec 61850 mms interface for ethernet connected i\/o \ | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4003s2b524-pin mass i\/o terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4027 virtual i\/o module 2 | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblock | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | ve4104 ethernet\/ip control tag integration for ethernet connected i\/o \ | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4037p0 h1 i\/o interface card and terminl block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4017p0 h1 i\/o interface card and terminl block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4026 virtual i\/o module 2 | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4032s1t2b8 high side 40-pin do mass i\/o terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4003s2b4 16-pin mass i\/o terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4002s1t2b6 high side 40-pin mass i\/o terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | ve4106 opc-ua client for ethernet connected i\/o \ | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4039p0 redundant h1 4-port plus fieldbus i\/o interface with terminalblock | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | deltav distributed control system sq controller | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4052s1t2b6 high side 40-pin mass i\/o terminal block | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | deltav distributed control system sx controller | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4100 simplex ethernet i\/o card \ assembly | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4101 simplex ethernet i\/o card \ assembly | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | emerson | model: | se4801t0x redundant wireless i\/o card | scope: | lte | version: | 2022-04-29 | Trust: 1.0 |
| vendor: | エマソン | model: | se4101 simplex ethernet i/o card assembly | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4003s2b524-pin mass i/o terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4052s1t2b6 high side 40-pin mass i/o terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4037p1 redundant h1 i/o card with integrated power and terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4032s1t2b8 high side 40-pin do mass i/o terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4082s1t2b8 high side 40-pin do mass i/o terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4100 simplex ethernet i/o card assembly | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4801t0x redundant wireless i/o card | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4019p0 simplex h1 4-port plus fieldbus i/o interface with terminalblock | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4037p0 h1 i/o interface card and terminl block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4003s2b4 16-pin mass i/o terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4026 virtual i/o module 2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4039p0 redundant h1 4-port plus fieldbus i/o interface with terminalblock | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4017p1 h1 i/o card with integrated power | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4017p0 h1 i/o card and terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | deltav distributed control system sq コントローラ | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4027 virtual i/o module 2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | ve4103 modbus tcp interface for ethernet connected i/o | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | se4002s1t2b6 high side 40-pin mass i/o terminal block | scope: | - | version: | - | Trust: 0.8 |
| vendor: | エマソン | model: | deltav distributed control system sx コントローラ | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-018034 //
NVD: CVE-2022-29962
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-018034 //
CNNVD: CNNVD-202206-2918 //
NVD: CVE-2022-29962
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.0 |
| problemtype: | Use hard-coded credentials (CWE-798) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-018034 //
NVD: CVE-2022-29962
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202206-2918
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-202206-2918
PATCH
| title: | Emerson DeltaV Distributed Control System Repair measures for trust management problem vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202540 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202206-2918
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-29962 | Trust: 3.3 |
| db: | ICS CERT | id: | ICSA-22-181-03 | Trust: 2.5 |
| db: | JVN | id: | JVNVU92990931 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-018034 | Trust: 0.8 |
| db: | CS-HELP | id: | SB2022071112 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202206-2918 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-29962 | Trust: 0.1 |
sources:
VULMON: CVE-2022-29962 //
JVNDB: JVNDB-2022-018034 //
CNNVD: CNNVD-202206-2918 //
NVD: CVE-2022-29962
REFERENCES
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 | Trust: 2.5 |
| url: | https://www.forescout.com/blog/ | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu92990931/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-29962 | Trust: 0.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2022071112 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-29962/ | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-181-03 | Trust: 0.6 |
sources:
VULMON: CVE-2022-29962 //
JVNDB: JVNDB-2022-018034 //
CNNVD: CNNVD-202206-2918 //
NVD: CVE-2022-29962
CREDITS
Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.
Trust: 0.6
sources:
CNNVD: CNNVD-202206-2918
SOURCES
| db: | VULMON | id: | CVE-2022-29962 |
| db: | JVNDB | id: | JVNDB-2022-018034 |
| db: | CNNVD | id: | CNNVD-202206-2918 |
| db: | NVD | id: | CVE-2022-29962 |
LAST UPDATE DATE
2024-08-14T13:53:12.514000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2022-018034 | date: | 2023-10-18T07:23:00 |
| db: | CNNVD | id: | CNNVD-202206-2918 | date: | 2022-08-05T00:00:00 |
| db: | NVD | id: | CVE-2022-29962 | date: | 2022-08-04T15:56:16.620 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2022-018034 | date: | 2023-10-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-202206-2918 | date: | 2022-06-30T00:00:00 |
| db: | NVD | id: | CVE-2022-29962 | date: | 2022-07-26T22:15:11.050 |