Detections
Analytics
Emerson DeltaV Wireless I/O Cards (WIOC) 13.3 Authentication Bypass
medium Nessus Network Monitor Plugin ID 720097
Synopsis
Emerson DeltaV Wireless I/O Cards (WIOC) have the SSH (Secure Shell) functionality enabled unnecessarilyDescription
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
http://www.securityfocus.com/bid/94586,https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03
Plugin Details
Severity: Medium
ID: 720097
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4
Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 11/29/2016
Vulnerability Publication Date: 11/29/2016
Reference Information
CVE: CVE-2016-9347
BID: 94586