CVE-2025-52579

Summary

Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.

Affected Software

VendorProductVersion RangeStatus
EmersonValveLink SOLO0 < ValveLink 14.0affected
EmersonValveLink DTM0 < ValveLink 14.0affected
EmersonValveLink PRM0 < ValveLink 14.0affected
EmersonValveLink SNAP-ON0 < ValveLink 14.0affected

Weaknesses

  • CWE-316: CWE-316

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References