Vulnerability Details : CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.
Products affected by CVE-2022-29960
- cpe:2.3:a:emerson:openbsi:*:*:*:*:*:*:*:*
- cpe:2.3:a:emerson:openbsi:5.9:sp1:*:*:*:*:*:*
- cpe:2.3:a:emerson:openbsi:5.9:sp2:*:*:*:*:*:*
- cpe:2.3:a:emerson:openbsi:5.9:sp3:*:*:*:*:*:*
- cpe:2.3:a:emerson:openbsi:5.9:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29960
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 14 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29960
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2022-29960
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-29960
-
https://www.forescout.com/blog/
Blog - ForescoutThird Party Advisory
-
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03
Emerson DeltaV Distributed Control System | CISANot Applicable;Third Party Advisory;US Government Resource
-
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03
Emerson OpenBSI | CISAThird Party Advisory;US Government Resource
Jump to