Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00027Percentile:
0.05819
CVSS Scoring
CVSS v3.1 Score: 7.8
Severity: HIGH
Mapped CWE(s)
CWE-345
: Insufficient Verification of Data Authenticity
All CAPEC(s)
CAPEC-111 : JSON Hijacking (aka JavaScript Hijacking)
CAPEC-141 : Cache Poisoning
CAPEC-142 : DNS Cache Poisoning
CAPEC-148 : Content Spoofing
CAPEC-218 : Spoofing of UDDI/ebXML Messages
CAPEC-384 : Application API Message Manipulation via Man-in-the-Middle
CAPEC-385 : Transaction or Event Tampering via Application API Manipulation
CAPEC-386 : Application API Navigation Remapping
CAPEC-387 : Navigation Remapping To Propagate Malicious Content
CAPEC-388 : Application API Button Hijacking
CAPEC-665 : Exploitation of Thunderbolt Protection Flaws
CAPEC-701 : Browser in the Middle (BiTM)
CAPEC(s) with Mapped TTPs
CAPEC-141 : Cache Poisoning
Mapped TTPs:
CAPEC-142 : DNS Cache Poisoning
Mapped TTPs:
CAPEC-148 : Content Spoofing
Mapped TTPs:
CAPEC-665 : Exploitation of Thunderbolt Protection Flaws
Mapped TTPs:
T1211
: Exploitation for Defense Evasion
T1542.002
: Component Firmware
T1556
: Modify Authentication Process
Mapped ATT&CK TTPs
T1557.002
: ARP Cache Poisoning
Kill Chain: credential-access
T1584.002
: DNS Server
Kill Chain: resource-development
T1491
: Defacement
Kill Chain: impact
T1211
: Exploitation for Defense Evasion
Kill Chain: defense-evasion
T1542.002
: Component Firmware
Kill Chain: persistence
T1556
: Modify Authentication Process
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:o:emerson:deltav_distributed_control_system_sq_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:deltav_distributed_control_system_sx_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4002s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4003s2b4_16-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4003s2b524-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4017p0_h1_i\/o_interface_card_and_terminl_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4017p1_h1_i\/o_card_with_integrated_power_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4019p0_simplex_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4026_virtual_i\/o_module_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4027_virtual_i\/o_module_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4032s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4037p0_h1_i\/o_interface_card_and_terminl_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4037p1_redundant_h1_i\/o_card_with_integrated_power_and_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4039p0_redundant_h1_4-port_plus_fieldbus_i\/o_interface_with_terminalblock_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4052s1t2b6_high_side_40-pin_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4082s1t2b8_high_side_40-pin_do_mass_i\/o_terminal_block_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4100_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4101_simplex_ethernet_i\/o_card_\(eioc\)_assembly_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\/o_card_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:ve4103_modbus_tcp_interface_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:ve4104_ethernet\/ip_control_tag_integration_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:ve4105_ethernet\/ip_interface_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:ve4106_opc-ua_client_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:emerson:ve4107_iec_61850_mms_interface_for_ethernet_connected_i\/o_\(eioc\)_firmware:*:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me