7.8 - CVE-2022-30260

Executive Summary

Informations
Name	CVE-2022-30260	First vendor Publication	2022-12-26
Vendor	Cve	Last vendor Modification	2024-02-15

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score	7.8
Base Score	7.8	Environmental Score	7.8
impact SubScore	5.9	Temporal Score	7.8
Exploitabality Sub Score	1.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	None	User Interaction	Required
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30260

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-345	Insufficient Verification of Data Authenticity

CPE : Common Platform Enumeration

Type	Description	Count
Os	Emerson Deltav Distributed Control System Sq Controller Firmware cpe:2.3:o:emerson:deltav_distributed_control_system_sq_controller_firmware::::::::	1
Os	Emerson Deltav Distributed Control System Sx Controller Firmware cpe:2.3:o:emerson:deltav_distributed_control_system_sx_controller_firmware::::::::	1
Os	Emerson Se4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Firmware cpe:2.3:o:emerson:se4002s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware::::::::	1
Os	Emerson Se4003S2B4 16-Pin Mass I/O Terminal Block Firmware cpe:2.3:o:emerson:se4003s2b4_16-pin_mass_i/o_terminal_block_firmware::::::::	1
Os	Emerson Se4003S2B524-Pin Mass I/O Terminal Block Firmware cpe:2.3:o:emerson:se4003s2b524-pin_mass_i/o_terminal_block_firmware::::::::	1
Os	Emerson Se4017P0 H1 I/O Interface Card And Terminl Block Firmware cpe:2.3:o:emerson:se4017p0_h1_i/o_interface_card_and_terminl_block_firmware::::::::	1
Os	Emerson Se4017P1 H1 I/O Card With Integrated Power Firmware cpe:2.3:o:emerson:se4017p1_h1_i/o_card_with_integrated_power_firmware::::::::	1
Os	Emerson Se4019P0 Simplex H1 4-Port Plus Fieldbus I/O Interface With Terminalblock Firmware cpe:2.3:o:emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware::::::::	1
Os	Emerson Se4026 Virtual I/O Module 2 Firmware cpe:2.3:o:emerson:se4026_virtual_i/o_module_2_firmware::::::::	1
Os	Emerson Se4027 Virtual I/O Module 2 Firmware cpe:2.3:o:emerson:se4027_virtual_i/o_module_2_firmware::::::::	1
Os	Emerson Se4032S1T2B8 High Side 40-Pin Do Mass I/O Terminal Block Firmware cpe:2.3:o:emerson:se4032s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware::::::::	1
Os	Emerson Se4037P0 H1 I/O Interface Card And Terminl Block Firmware cpe:2.3:o:emerson:se4037p0_h1_i/o_interface_card_and_terminl_block_firmware::::::::	1
Os	Emerson Se4037P1 Redundant H1 I/O Card With Integrated Power And Terminal Block Firmware cpe:2.3:o:emerson:se4037p1_redundant_h1_i/o_card_with_integrated_power_and_terminal_block_firmware::::::::	1
Os	Emerson Se4039P0 Redundant H1 4-Port Plus Fieldbus I/O Interface With Terminalblock Firmware cpe:2.3:o:emerson:se4039p0_redundant_h1_4-port_plus_fieldbus_i/o_interface_with_terminalblock_firmware::::::::	1
Os	Emerson Se4052S1T2B6 High Side 40-Pin Mass I/O Terminal Block Firmware cpe:2.3:o:emerson:se4052s1t2b6_high_side_40-pin_mass_i/o_terminal_block_firmware::::::::	1
Os	Emerson Se4082S1T2B8 High Side 40-Pin Do Mass I/O Terminal Block Firmware cpe:2.3:o:emerson:se4082s1t2b8_high_side_40-pin_do_mass_i/o_terminal_block_firmware::::::::	1
Os	Emerson Se4100 Simplex Ethernet I/O Card (Eioc) Assembly Firmware cpe:2.3:o:emerson:se4100_simplex_ethernet_i/o_card_(eioc)_assembly_firmware::::::::	1
Os	Emerson Se4101 Simplex Ethernet I/O Card (Eioc) Assembly Firmware cpe:2.3:o:emerson:se4101_simplex_ethernet_i/o_card_(eioc)_assembly_firmware::::::::	1
Os	Emerson Se4801T0X Redundant Wireless I/O Card Firmware cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i/o_card_firmware::::::::	1
Os	Emerson Ve4103 Modbus Tcp Interface For Ethernet Connected I/O (Eioc) Firmware cpe:2.3:o:emerson:ve4103_modbus_tcp_interface_for_ethernet_connected_i/o_(eioc)_firmware::::::::	1
Os	Emerson Ve4104 Ethernet/Ip Control Tag Integration For Ethernet Connected I/O (Eioc) Firmware cpe:2.3:o:emerson:ve4104_ethernet/ip_control_tag_integration_for_ethernet_connected_i/o_(eioc)_firmware::::::::	1
Os	Emerson Ve4105 Ethernet/Ip Interface For Ethernet Connected I/O (Eioc) Firmware cpe:2.3:o:emerson:ve4105_ethernet/ip_interface_for_ethernet_connected_i/o_(eioc)_firmware::::::::	1
Os	Emerson Ve4106 Opc-Ua Client For Ethernet Connected I/O (Eioc) Firmware cpe:2.3:o:emerson:ve4106_opc-ua_client_for_ethernet_connected_i/o_(eioc)_firmware::::::::	1
Os	Emerson Ve4107 Iec 61850 Mms Interface For Ethernet Connected I/O (Eioc) Firmware cpe:2.3:o:emerson:ve4107_iec_61850_mms_interface_for_ethernet_connected_i/o_(eioc)_firmware::::::::	1

Sources (Detail)

Source	Url
MISC	https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-15 09:28:01	Multiple Updates
2023-01-05 21:27:16	Multiple Updates
2022-12-27 17:27:16	Multiple Updates
2022-12-26 13:04:41	First insertion

7.8 - CVE-2022-30260

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU