CVE-2014-2349

Summary

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

Affected Software

VendorProductVersion RangeStatus
EmersonDeltaV10.3.1affected
EmersonDeltaV11.3affected
EmersonDeltaV11.3.1affected
EmersonDeltaV12.3affected

Weaknesses

  • CWE-285: CWE-285

ADP Enrichment

CVE Program Container

Additional References

References