Unknown
CVE-2022-29965
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2022-29965
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- deltav distributed control system,
- deltav distributed control system sq controller firmware,
- deltav distributed control system sx controller firmware,
- se4002s1t2b6 high side 40-pin mass i/o terminal block firmware,
- se4003s2b4 16-pin mass i/o terminal block firmware,
- se4003s2b524-pin mass i/o terminal block firmware,
- se4017p0 h1 i/o interface card and terminl block firmware,
- se4017p1 h1 i/o card with integrated power firmware,
- se4019p0 simplex h1 4-port plus fieldbus i/o interface with terminalblock firmware,
- se4026 virtual i/o module 2 firmware,
- se4027 virtual i/o module 2 firmware,
- se4032s1t2b8 high side 40-pin do mass i/o terminal block firmware,
- se4037p0 h1 i/o interface card and terminl block firmware,
- se4037p1 redundant h1 i/o card with integrated power and terminal block firmware,
- se4039p0 redundant h1 4-port plus fieldbus i/o interface with terminalblock firmware,
- se4052s1t2b6 high side 40-pin mass i/o terminal block firmware,
- se4082s1t2b8 high side 40-pin do mass i/o terminal block firmware,
- se4100 simplex ethernet i/o card (eioc) assembly firmware,
- se4101 simplex ethernet i/o card (eioc) assembly firmware,
- se4801t0x redundant wireless i/o card firmware,
- ve4103 modbus tcp interface for ethernet connected i/o (eioc) firmware,
- ve4104 ethernet/ip control tag integration for ethernet connected i/o (eioc) firmware,
- ve4105 ethernet/ip interface for ethernet connected i/o (eioc) firmware,
- ve4106 opc-ua client for ethernet connected i/o (eioc) firmware,
- ve4107 iec 61850 mms interface for ethernet connected i/o (eioc) firmware
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
