CVE-2022-29960
Summary
| CVE | CVE-2022-29960 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-26 22:15:00 UTC |
| Updated | 2022-08-16 17:55:00 UTC |
| Description | Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities. |
Risk And Classification
Problem Types: CWE-327
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Emerson | Openbsi | All | All | All | All |
| Application | Emerson | Openbsi | 5.9 | - | All | All |
| Application | Emerson | Openbsi | 5.9 | sp1 | All | All |
| Application | Emerson | Openbsi | 5.9 | sp2 | All | All |
| Application | Emerson | Openbsi | 5.9 | sp3 | All | All |
| Application | Emerson | Openbsi | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Emerson OpenBSI | CISA | MISC | www.cisa.gov | |
| Emerson DeltaV Distributed Control System | CISA | MISC | www.cisa.gov | |
| Blog - Forescout | MISC | www.forescout.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.