CVE-2022-29965 in DeltaV Distributed Control System정보

요약

\~에 의해 MITRE • 2022. 07. 27.

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

예약하다

2022. 04. 29.

모더레이션

수락

항목

VDB-205119

EPSS

0.00171

출처

Might our Artificial Intelligence support you?

Check our Alexa App!