Monday, May 26, 2014

Emerson DeltaV Vulnerabilities/Fixes

DeltaV Versions 10.3.1, 11.3, 11.3.1, and 12.3
Can be related to Emerson AMS Device Management version, Emerson AMS Wireless SNAP-ON also.

CVE-2014-2349 - World writable system folder
CVE-2014-2350 - Hardcoded credentials

Please find fixes in KBA NK-1400-0031.

Kudos: Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov

Emerson has assigned CVSS v2 base score of 2.4; the CVSS vector string is (AV:L/AC:H/Au:S/C:N/I:P/A:P).

Hmmm, 2.4? BTW



Monday, May 5, 2014

Too Smart Grid in da Cloud

Vulnerabilities/fixes in SolarLog Solar Plant Data Loger (

PT-2014-08: Password Access in Solar-Log
PT-2014-07: Sensitive Information Disclosure in Solar-Log
PT-2014-06: Arbitrary File Upload in Solar-Log