medium
5.5
CWE
798
Advisory Published
Updated

CVE-2022-29963

First published: Tue Jul 26 2022(Updated: )

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Emerson DeltaV Distributed Control System<=2022-04-29
Emerson DeltaV Distributed Control System
Emerson DeltaV Distributed Control System<=2022-04-29
Emerson DeltaV Distributed Control System Sx Controller
Emerson Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4002s1t2b6 High Side 40-pin Mass I/o Terminal Block
Emerson Se4003s2b4 16-pin Mass I/O Terminal Block Firmware<=2022-04-29
Emerson Se4003s2b4 16-pin Mass I/o Terminal Block
Emerson Se4003s2b524-pin Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4003s2b524-pin Mass I/o Terminal Block
Emerson Se4017p0 H1 I/o Interface Card And Terminl Block Firmware<=2022-04-29
Emerson Se4017p0 H1 I/o Interface Card And Terminal Block
Emerson Se4017p1 H1 I/O Card With Integrated Power Firmware<=2022-04-29
Emerson Se4017p1 H1 I/o Card With Integrated Power
Emerson Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware<=2022-04-29
Emerson Se4019p0 Simplex H1 4-port Plus Fieldbus I/o Interface With Terminalblock
Emerson Se4026 Virtual I/o Module 2 Firmware<=2022-04-29
Emerson Se4026 Virtual I/o Module 2
Emerson Se4027 Virtual I/o Module 2 Firmware<=2022-04-29
Emerson Se4027 Virtual I/o Module 2
Emerson Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4032s1t2b8 High Side 40-pin Do Mass I/o Terminal Block
Emerson Se4037p0 H1 I/O Interface Card and Terminal Block Firmware<=2022-04-29
Emerson Se4037p0 H1 I/O Interface Card and Terminal Block
Emerson Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block Firmware<=2022-04-29
Emerson Se4037p1 Redundant H1 I/o Card With Integrated Power And Terminal Block
Emerson Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock Firmware<=2022-04-29
Emerson Se4039p0 Redundant H1 4-port Plus Fieldbus I/o Interface With Terminalblock
Emerson Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4052s1t2b6 High Side 40-pin Mass I/o Terminal Block
Emerson Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block Firmware<=2022-04-29
Emerson Se4082s1t2b8 High Side 40-pin Do Mass I/o Terminal Block
Emerson Se4100 Simplex Ethernet I/o Card (eioc) Assembly Firmware<=2022-04-29
Emerson Se4100 Simplex Ethernet I/o Card (eioc) Assembly
Emerson Se4101 Simplex Ethernet I/o Card (eioc) Assembly Firmware<=2022-04-29
Emerson Se4101 Simplex Ethernet I/o Card (eioc) Assembly
Emerson Se4801t0x Redundant Wireless I/o Card Firmware<=2022-04-29
Emerson Se4801t0x Redundant Wireless I/o Card
Emerson Ve4103 Modbus Tcp Interface For Ethernet Connected I/o (eioc) Firmware<=2022-04-29
Emerson Ve4103 Modbus TCP Interface for Ethernet Connected I/O (EIOC)
Emerson Ve4104 Ethernet/IP Control Tag Integration for Ethernet Connected I/O (EIOC) Firmware<=2022-04-29
Emerson Ve4104 Ethernet/ip Control Tag Integration For Ethernet Connected I/o (eioc)
Emerson Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc) Firmware<=2022-04-29
Emerson Ve4105 Ethernet/ip Interface For Ethernet Connected I/o (eioc)
Emerson Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc) Firmware<=2022-04-29
Emerson Ve4106 Opc-ua Client For Ethernet Connected I/o (eioc)
Emerson VE4107 IEC 61850 MMS Interface for Ethernet Connected I/O (EIOC) Firmware<=2022-04-29
Emerson Ve4107 Iec 61850 Mms Interface For Ethernet Connected I/o (eioc)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2022-29963?

    CVE-2022-29963 is considered a critical vulnerability due to the exposure of hardcoded credentials allowing unauthorized access to root shell.

  • How do I fix CVE-2022-29963?

    To fix CVE-2022-29963, update the affected Emerson DeltaV Distributed Control System components to versions released after April 29, 2022.

  • What systems are affected by CVE-2022-29963?

    CVE-2022-29963 affects Emerson DeltaV Distributed Control System S-series, P-series, and CIOC/EIOC nodes running specific firmware versions.

  • Is CVE-2022-29963 related to any previous vulnerabilities?

    CVE-2022-29963 is different from CVE-2014-2350 and addresses a newly identified issue with password misuse in Emerson systems.

  • What can an attacker gain from exploiting CVE-2022-29963?

    Exploiting CVE-2022-29963 allows attackers to gain root shell access, potentially leading to complete control over the compromised system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203