How severe is CVE-2022-29965?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-29965?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2022-29965

MEDIUM Year: 2022

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-327

View all →

Vulnerability Description

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.

CVE-2013-2213

MEDIUM

CVSS:5.5(Medium)

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent atta...

CWE-3272013

CVE-2017-1571

MEDIUM

CVSS:5.5(Medium)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive ...

CWE-3272017

CVE-2017-1575

MEDIUM

CVSS:5.5(Medium)

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sens...

CWE-3272017

CVE-2018-1428

MEDIUM

CVSS:5.5(Medium)

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X...

CWE-3272018

CVE-2019-18340

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNV...

CWE-3272019

CVE-2019-20775

MEDIUM

CVSS:5.5(Medium)

An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LV...

CWE-3272019

CVE-2022-29965

Vulnerability Description

Related Vulnerabilities

CVE-2013-2213

CVE-2017-1571

CVE-2017-1575

CVE-2018-1428

CVE-2019-18340

CVE-2019-20775