CVE-2022-29963

Name of the Vulnerable Software and Affected Versions Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29

Description The issue is related to the misuse of passwords and the use of hardcoded credentials in the TELNET service on port 18550, which provides access to a root shell. This affects S-series, P-series, and CIOC/EIOC nodes. Additionally, there is a problem with the use of defective cryptographic algorithms. Exploitation of the issue may allow a remote attacker to elevate their privileges.

Recommendations For Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29, consider disabling the TELNET service on port 18550 as a temporary workaround to minimize the risk of exploitation. Restrict access to the root shell and hardcoded credentials to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.