CVE-2022-30260 — HIGH (7.8)

Q: How severe is CVE-2022-30260?

CVE-2022-30260 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-30260?

Check the references section above for vendor advisories and patch information. Affected products include: Emerson Deltav Distributed Control System Sq Controller Firmware, Emerson Deltav Distributed Control System Sq Controller, Emerson Deltav Distributed Control System Sx Controller Firmware, Emerson Deltav Distributed Control System Sx Controller, Emerson Se4002S1T2B6 High Side 40-Pin Mass I\/O Terminal Block Firmware.

Vulnerability Description

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emerson	Deltav Distributed Control System Sq Controller Firmware	< 14.3
Emerson	Deltav Distributed Control System Sq Controller	-
Emerson	Deltav Distributed Control System Sx Controller Firmware	< 14.3
Emerson	Deltav Distributed Control System Sx Controller	-
Emerson	Se4002S1T2B6 High Side 40-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4002S1T2B6 High Side 40-Pin Mass I\/O Terminal Block	-
Emerson	Se4003S2B4 16-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4003S2B4 16-Pin Mass I\/O Terminal Block	-
Emerson	Se4003S2B524-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4003S2B524-Pin Mass I\/O Terminal Block	-
Emerson	Se4017P0 H1 I\/O Interface Card And Terminl Block Firmware	< 14.3
Emerson	Se4017P0 H1 I\/O Interface Card And Terminl Block	-
Emerson	Se4017P1 H1 I\/O Card With Integrated Power Firmware	< 14.3
Emerson	Se4017P1 H1 I\/O Card With Integrated Power	-
Emerson	Se4019P0 Simplex H1 4-Port Plus Fieldbus I\/O Interface With Terminalblock Firmware	< 14.3
Emerson	Se4019P0 Simplex H1 4-Port Plus Fieldbus I\/O Interface With Terminalblock	-
Emerson	Se4026 Virtual I\/O Module 2 Firmware	< 14.3
Emerson	Se4026 Virtual I\/O Module 2	-
Emerson	Se4027 Virtual I\/O Module 2 Firmware	< 14.3
Emerson	Se4027 Virtual I\/O Module 2	-

Related Weaknesses (CWE)

CWE-345

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03Third Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Not ApplicableThird Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03Third Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Not ApplicableThird Party Advisory

FAQ

What is CVE-2022-30260?

CVE-2022-30260 is a vulnerability with a CVSS score of 7.8 (HIGH). Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-s...

How severe is CVE-2022-30260?

CVE-2022-30260 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30260?

Check the references section above for vendor advisories and patch information. Affected products include: Emerson Deltav Distributed Control System Sq Controller Firmware, Emerson Deltav Distributed Control System Sq Controller, Emerson Deltav Distributed Control System Sx Controller Firmware, Emerson Deltav Distributed Control System Sx Controller, Emerson Se4002S1T2B6 High Side 40-Pin Mass I\/O Terminal Block Firmware.