CVE-2022-29960

EUVD-2022-34267
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
emersonopenbsi
𝑥
< 5.9
emersonopenbsi
5.9
emersonopenbsi
5.9:sp1
emersonopenbsi
5.9:sp2
emersonopenbsi
5.9:sp3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03
https://www.forescout.com/blog/
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03
https://www.forescout.com/blog/