PT-2022-3158 · Emerson · Emerson OpenBSI

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2024-02-13 · CVE-2022-29959

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Emerson OpenBSI versions prior to 2022-04-29

Description

The issue is related to the insecure storage of confidential information in the SecUsers.ini file, which can be exploited by a remote attacker to gain access to user credentials. The Emerson OpenBSI environment, used for the ControlWave and Bristol Babcock line of RTUs, provides access control functionality through user authentication and privilege management. However, the credentials for various users are stored insecurely using a simple string transformation rather than a cryptographic mechanism.

Recommendations

For Emerson OpenBSI versions prior to 2022-04-29, consider updating to a version that securely stores user credentials using a cryptographic mechanism. As a temporary workaround, restrict access to the SecUsers.ini file to minimize the risk of exploitation. Additionally, review and implement best practices for secure credential storage to prevent similar issues in the future.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2022-03838
CVE-2022-29959

Affected Products

Emerson OpenBSI