PT-2022-3157 · Emerson · Emerson DeltaV Distributed Control System

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2022-08-04 · CVE-2022-29962

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29

Description

The FTP service of the Emerson DeltaV Distributed Control System misuses passwords and contains hardcoded credentials, which may allow an attacker to gain unauthorized access to protected information. This affects S-series, P-series, and CIOC/EIOC nodes.

Recommendations

For Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29, consider disabling the FTP service to minimize the risk of exploitation, especially if it is not necessary for production. Additionally, restrict access to the affected nodes, including S-series, P-series, and CIOC/EIOC, to prevent potential unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-03837
CVE-2022-29962

Affected Products

Emerson DeltaV Distributed Control System