PT-2022-3161 · Emerson · Emerson Deltav

Published: 2022-06-22 · Updated: 2024-02-13 · CVE-2022-29964

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Emerson DeltaV versions through 2022-04-29

Description: The issue is related to the misuse of passwords in Emerson DeltaV Distributed Control System (DCS) controllers and IO cards, allowing an attacker to gain unauthorized access to protected information. The WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials.

Recommendations: For versions through 2022-04-29, consider changing the hardcoded credentials to unique, secure passwords to prevent unauthorized access. As a temporary workaround, restrict access to the WIOC SSH service to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-03841
CVE-2022-29964

Affected Products

Emerson Deltav