CVE-2022-29960

Published: Jul 26, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.

Affected (5)

Products: Emerson: Openbsi

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Emerson Openbsi	Before 5.9
Emerson Openbsi	Version 5.9
Emerson Openbsi	Version 5.9 sp1
Emerson Openbsi	Version 5.9 sp2
Emerson Openbsi	Version 5.9 sp3

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

Source: cve@mitre.org

Not ApplicableThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.forescout.com/blog/

Source: cve@mitre.org

Third Party Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.forescout.com/blog/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.