medium
5.5
CWE
798
Advisory Published
Updated

CVE-2022-29962

First published: Tue Jul 26 2022(Updated: )

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Emerson DeltaV Distributed Control System<=2022-04-29
Emerson DeltaV Distributed Control System
Emerson DeltaV Distributed Control System<=2022-04-29
Emerson DeltaV Distributed Control System Sx Controller
Emerson Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block
Emerson Se4003s2b4 16-pin Mass I/O Terminal Block Firmware<=2022-04-29
Emerson Se4003s2b4 16-pin Mass I/o Terminal Block
Emerson Se4003s2b524-pin Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4003s2b524-pin Mass I/o Terminal Block
Emerson Se4017p0 H1 I/o Interface Card And Terminl Block Firmware<=2022-04-29
Emerson Se4017p0 H1 I/o Interface Card And Terminal Block
Emerson Se4017p1 H1 I/O Card With Integrated Power Firmware<=2022-04-29
Emerson Se4017p1 H1 I/o Card With Integrated Power
Emerson Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware<=2022-04-29
Emerson Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock
Emerson Se4026 Virtual I/o Module 2 Firmware<=2022-04-29
Emerson Se4026 Virtual I/o Module 2
Emerson Se4027 Virtual I/o Module 2 Firmware<=2022-04-29
Emerson Se4027 Virtual I/o Module 2
Emerson Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block
Emerson Se4037p0 H1 I/O Interface Card and Terminal Block Firmware<=2022-04-29
Emerson Se4037p0 H1 I/O Interface Card and Terminal Block
Emerson Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block Firmware<=2022-04-29
Emerson Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block
Emerson Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware<=2022-04-29
Emerson Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock
Emerson Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block
Emerson Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block
Emerson Se4100 Simplex Ethernet I/o Card (eioc) Assembly Firmware<=2022-04-29
Emerson Se4100 Simplex Ethernet I/o Card (eioc) Assembly
Emerson Se4101 Simplex Ethernet I/o Card (eioc) Assembly Firmware<=2022-04-29
Emerson Se4101 Simplex Ethernet I/o Card (eioc) Assembly
Emerson Se4801t0x Redundant Wireless I/o Card Firmware<=2022-04-29
Emerson Se4801t0x Redundant Wireless I/o Card
Emerson Ve4103 Modbus Tcp Interface For Ethernet Connected I/o (eioc) Firmware<=2022-04-29
Emerson Ve4103 Modbus TCP Interface for Ethernet Connected I/O (EIOC)
Emerson Ve4104 Ethernet/IP Control Tag Integration for Ethernet Connected I/O (EIOC) Firmware<=2022-04-29
Emerson Ve4104 Ethernet/ip Control Tag Integration For Ethernet Connected I/o (eioc)
Emerson Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc) Firmware<=2022-04-29
Emerson Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc)
Emerson Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc) Firmware<=2022-04-29
Emerson Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc)
Emerson VE4107 IEC 61850 MMS Interface for Ethernet Connected I/O (EIOC) Firmware<=2022-04-29
Emerson Ve4107 Iec 61850 Mms Interface For Ethernet Connected I/o (eioc)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2022-29962?

    CVE-2022-29962 has been classified as a high-severity vulnerability as it involves hardcoded credentials in released firmware.

  • How do I fix CVE-2022-29962?

    To mitigate CVE-2022-29962, it is recommended to update the affected Emerson DeltaV firmware to a version released after April 29, 2022.

  • What products are affected by CVE-2022-29962?

    CVE-2022-29962 affects Emerson DeltaV S-series, P-series, and CIOC/EIOC nodes and firmware released up to April 29, 2022.

  • Can CVE-2022-29962 be exploited remotely?

    Yes, CVE-2022-29962 can potentially be exploited remotely if the affected systems have FTP enabled with the default credentials.

  • What are the implications of CVE-2022-29962 for industrial control systems?

    The implications include unauthorized access and control over industrial processes, which can result in operational disruption or safety incidents.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203