Description
Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References (4)
Core 4
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
Various Sources
https://www.emerson.com/en-us/support/security-notifications
Various Sources
https://www.emerson.com/en-us/support/software-downloads-drivers
Scores
CVSS v3
5.1
EPSS
0.0016
EPSS Percentile
5.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (8)
Emerson/ValveLink DTM
< ValveLink 14.0
Emerson/ValveLink DTM
ValveLink 14.0
Emerson/ValveLink PRM
< ValveLink 14.0
Emerson/ValveLink PRM
ValveLink 14.0
Emerson/ValveLink SNAP-ON
< ValveLink 14.0
Emerson/ValveLink SNAP-ON
ValveLink 14.0
Emerson/ValveLink SOLO
< ValveLink 14.0
Emerson/ValveLink SOLO
ValveLink 14.0
Published
Jul 11, 2025
Tracked Since
Feb 18, 2026