Published: 14/05/2019 Updated: 10/02/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from Emerson’s Guardian Support Portal. Please refer to the DeltaV Security Notification DSN19003 (KBA NK-1900-0808) for more information about this issue. DeltaV versions 13.3 and higher use the Network Device Command Center application to manage DeltaV Smart Switches, and this newer application is not impacted by this issue. After patching the Smart Switch Command Center, users are required to either commission the DeltaV Smart Switches or change password using the tool.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emerson ve6046_firmware 09.0.12

CWE-798 http://www.emerson.com/documents/automation/deltav-smart-switches-en-179014.pdf https://www.us-cert.gov/ics/advisories/icsa-19-190-01 http://www.securityfocus.com/bid/109110 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-11691

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect