PT-2014-1222 · Emerson · Emerson DeltaV
Kirill Nesterov · Published 2014-05-22 · Updated 2025-10-31 · CVE-2014-2350
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Emerson DeltaV versions 10.3.1 through 12.3
Description
The issue is related to errors that occur when changing access control rules through the Telnet protocol, allowing an attacker to gain access to applications via Telnet to run commands or change settings. It also involves the use of hardcoded credentials for diagnostic services, which can be exploited by remote attackers to bypass access restrictions via a TCP session, such as a session using the telnet program.
Recommendations
For Emerson DeltaV versions 10.3.1 through 12.3, consider disabling the use of hardcoded credentials for diagnostic services and restricting access to the Telnet protocol to minimize the risk of exploitation. As a temporary workaround, limit the use of the Telnet program for diagnostic purposes until a more secure method is implemented.
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Emerson DeltaV