Details of VAR-202206-2264

ID

VAR-202206-2264

CVE

CVE-2022-29965

TITLE

Vulnerabilities related to the use of cryptographic algorithms in multiple Emerson products

Trust: 0.8

sources: JVNDB: JVNDB-2022-017497

DESCRIPTION

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. DeltaV Distributed Control System , DeltaV Distributed Control System SQ controller firmware, DeltaV Distributed Control System SX controller Multiple Emerson products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-29965 // JVNDB: JVNDB-2022-017497 // VULMON: CVE-2022-29965

AFFECTED PRODUCTS

vendor:	emerson	model:	se4017p1 h1 i\/o card with integrated power	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	ve4105 ethernet\/ip interface for ethernet connected i\/o \	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4037p1 redundant h1 i\/o card with integrated power and terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4082s1t2b8 high side 40-pin do mass i\/o terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	ve4103 modbus tcp interface for ethernet connected i\/o \	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	ve4107 iec 61850 mms interface for ethernet connected i\/o \	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4003s2b524-pin mass i\/o terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4027 virtual i\/o module 2	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblock	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	ve4104 ethernet\/ip control tag integration for ethernet connected i\/o \	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4037p0 h1 i\/o interface card and terminl block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4017p0 h1 i\/o interface card and terminl block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4026 virtual i\/o module 2	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4032s1t2b8 high side 40-pin do mass i\/o terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4003s2b4 16-pin mass i\/o terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4002s1t2b6 high side 40-pin mass i\/o terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	ve4106 opc-ua client for ethernet connected i\/o \	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	deltav distributed control system	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4039p0 redundant h1 4-port plus fieldbus i\/o interface with terminalblock	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	deltav distributed control system sq controller	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4052s1t2b6 high side 40-pin mass i\/o terminal block	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	deltav distributed control system sx controller	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4100 simplex ethernet i\/o card \ assembly	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4101 simplex ethernet i\/o card \ assembly	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	emerson	model:	se4801t0x redundant wireless i\/o card	scope:	lte	version:	2022-04-29	Trust: 1.0
vendor:	エマソン	model:	se4032s1t2b8 high side 40-pin do mass i/o terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4801t0x redundant wireless i/o card	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4003s2b4 16-pin mass i/o terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4003s2b524-pin mass i/o terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4017p1 h1 i/o card with integrated power	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4052s1t2b6 high side 40-pin mass i/o terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4039p0 redundant h1 4-port plus fieldbus i/o interface with terminalblock	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4101 simplex ethernet i/o card assembly	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4037p0 h1 i/o interface card and terminl block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4082s1t2b8 high side 40-pin do mass i/o terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4100 simplex ethernet i/o card assembly	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4037p1 redundant h1 i/o card with integrated power and terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4027 virtual i/o module 2	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4019p0 simplex h1 4-port plus fieldbus i/o interface with terminalblock	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4017p0 h1 i/o card and terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	deltav distributed control system sx コントローラ	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4026 virtual i/o module 2	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	se4002s1t2b6 high side 40-pin mass i/o terminal block	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	deltav distributed control system sq コントローラ	scope:	-	version:	-	Trust: 0.8
vendor:	エマソン	model:	deltav distributed control system	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-017497 // NVD: CVE-2022-29965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29965
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-29965
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202206-2913
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-29965
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29965
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-017497 // CNNVD: CNNVD-202206-2913 // NVD: CVE-2022-29965

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-017497 // NVD: CVE-2022-29965

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-2913

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202206-2913

PATCH

title:

Emerson DeltaV Distributed Control System Fixes for encryption problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202537

Trust: 0.6

sources: CNNVD: CNNVD-202206-2913

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29965	Trust: 3.3
db:	ICS CERT	id:	ICSA-22-181-03	Trust: 2.5
db:	JVN	id:	JVNVU92990931	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-017497	Trust: 0.8
db:	CS-HELP	id:	SB2022071112	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-2913	Trust: 0.6
db:	VULMON	id:	CVE-2022-29965	Trust: 0.1

sources: VULMON: CVE-2022-29965 // JVNDB: JVNDB-2022-017497 // CNNVD: CNNVD-202206-2913 // NVD: CVE-2022-29965

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03	Trust: 2.5
url:	https://www.forescout.com/blog/	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu92990931/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29965	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022071112	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29965/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-181-03	Trust: 0.6

sources: VULMON: CVE-2022-29965 // JVNDB: JVNDB-2022-017497 // CNNVD: CNNVD-202206-2913 // NVD: CVE-2022-29965

CREDITS

Daniel dos Santos and Jos Wetzels from Forescout Technologies reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202206-2913

SOURCES

db:	VULMON	id:	CVE-2022-29965
db:	JVNDB	id:	JVNDB-2022-017497
db:	CNNVD	id:	CNNVD-202206-2913
db:	NVD	id:	CVE-2022-29965

LAST UPDATE DATE

2024-08-14T13:53:12.568000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-017497	date:	2023-10-13T04:53:00
db:	CNNVD	id:	CNNVD-202206-2913	date:	2022-08-05T00:00:00
db:	NVD	id:	CVE-2022-29965	date:	2023-01-24T16:06:41.127

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-017497	date:	2023-10-13T00:00:00
db:	CNNVD	id:	CNNVD-202206-2913	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2022-29965	date:	2022-07-26T22:15:11.183