PT-2022-3162 · Emerson · Emerson Openbsi

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2024-02-13 · CVE-2022-29960

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Emerson OpenBSI through 2022-04-29

Description

The issue is related to the use of weak cryptography in Emerson OpenBSI, an engineering environment for the ControlWave and Bristol Babcock line of RTUs. Specifically, DES with hardcoded cryptographic keys is used for protecting certain system credentials, engineering files, and sensitive utilities. This could allow a remote attacker to gain access to credentials.

Recommendations

For Emerson OpenBSI through 2022-04-29, consider disabling the use of DES with hardcoded cryptographic keys as a temporary workaround until a patch is available. Restrict access to sensitive utilities and engineering files to minimize the risk of exploitation. Update to a version that uses secure cryptography for protecting system credentials and sensitive data.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-03842
CVE-2022-29960

Affected Products

Emerson Openbsi