PT-2014-1221 · Emerson · Emerson Deltav

Dmitry Nagibin

Published

2014-05-22

Updated

2025-10-31

CVE-2014-2349

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3

Description The issue allows local users to modify or read configuration files by leveraging engineering-level privileges. It is related to errors that occur when processing a specially crafted configuration file, which can be exploited to elevate privileges and gain unauthorized access to confidential information.

Recommendations For Emerson DeltaV version 10.3.1, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 11.3, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 11.3.1, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 12.3, update to a version that fixes the issue with configuration file handling. As a temporary workaround, consider restricting access to configuration files to minimize the risk of exploitation.

Fix

Improper Authorization

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-285CWE-798

Related Identifiers

BDU:2014-00395

CVE-2014-2349

Affected Products

Emerson Deltav

PT-2014-1221 · Emerson · Emerson Deltav

CVE-2014-2349

Weakness Enumeration

Related Identifiers

Affected Products

References · 6