CVE-2022-29959
MEDIUMEmerson OpenBSI through 2022-04-29 - Insufficiently Protected Credentials in SecUsers.ini
Title source: llmDescription
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.forescout.com/blog/
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-221-03
Scores
CVSS v3
5.5
EPSS
0.0025
EPSS Percentile
16.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (2)
emerson/openbsi
5.9 (4 CPE variants)
emerson/openbsi
< 5.9
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026