Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-29960

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.

Published

2022-07-26T22:15:11.007

Last Modified

2024-11-21T07:00:04.030

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emerson	openbsi	< 5.9	Yes
Application	emerson	openbsi	5.9	Yes
Application	emerson	openbsi	5.9	Yes
Application	emerson	openbsi	5.9	Yes
Application	emerson	openbsi	5.9	Yes

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 Not Applicable, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03 Third Party Advisory, US Government Resource ([email protected])
https://www.forescout.com/blog/ Third Party Advisory ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 Not Applicable, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.forescout.com/blog/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)