Security Advisory

CVE-2022-30262

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-17 14:27:08

Last updated 2024-08-03 06:40:47

Assigner mitre

State PUBLISHED

Description

The Emerson ControlWave Next Generation RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.

← Browse all CVEs View on cve.org ↗