CVE & CISA-KEV Catalog

CVE-2022-30260

HIGH
7.8
CVSS v3
NVD

Description

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

How to fix

Remediation Available
deltav distributed control system sq controller firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
deltav distributed control system sx controller firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4002s1t2b6 high side 40-pin mass i\/o terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4003s2b4 16-pin mass i\/o terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4003s2b524-pin mass i\/o terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4017p0 h1 i\/o interface card and terminl block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4017p1 h1 i\/o card with integrated power firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4019p0 simplex h1 4-port plus fieldbus i\/o interface with terminalblock firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4026 virtual i\/o module 2 firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4027 virtual i\/o module 2 firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4032s1t2b8 high side 40-pin do mass i\/o terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4037p0 h1 i\/o interface card and terminl block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4037p1 redundant h1 i\/o card with integrated power and terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4039p0 redundant h1 4-port plus fieldbus i\/o interface with terminalblock firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4052s1t2b6 high side 40-pin mass i\/o terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4082s1t2b8 high side 40-pin do mass i\/o terminal block firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4100 simplex ethernet i\/o card \(eioc\) assembly firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4101 simplex ethernet i\/o card \(eioc\) assembly firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
se4801t0x redundant wireless i\/o card firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
ve4103 modbus tcp interface for ethernet connected i\/o \(eioc\) firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
ve4104 ethernet\/ip control tag integration for ethernet connected i\/o \(eioc\) firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
ve4105 ethernet\/ip interface for ethernet connected i\/o \(eioc\) firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
ve4106 opc-ua client for ethernet connected i\/o \(eioc\) firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD
ve4107 iec 61850 mms interface for ethernet connected i\/o \(eioc\) firmwareNVD
Affected:< 14.3Fixed in:14.3CVE-2022-30260derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploit Intelligence

0.15%probability of exploitation in 30 days
4thpercentile

Low risk: more likely to be exploited than 4% of all known CVEs.

References

Third-Party Advisory2

Related Vulnerabilities

Other CWE-345 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-38831High7.898%KEV + RansomFix
CVE-2016-4553High8.680%-Fix
CVE-2016-4554High8.639%-Fix
CVE-2023-35719Medium6.826%--
CVE-2022-26871Critical9.820%KEV-
CVE-2014-4936High9.317%--
Embed a live status badge for CVE-2022-30260
CVE-2022-30260 severity badge

Markdown

[![CVE-2022-30260](https://tridentstack.com/cve/badge/CVE-2022-30260.svg)](https://tridentstack.com/cve/CVE-2022-30260)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-30260"><img src="https://tridentstack.com/cve/badge/CVE-2022-30260.svg" alt="CVE-2022-30260"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.