These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-53471 is a medium-severity issue in Emerson ValveLink products where input is not properly validated before processing. CISA’s advisory lists ValveLink SOLO, DTM, PRM, and SNAP-ON as affected when running versions earlier than 14.0. The supplied CVSS vector indicates a local, high-complexity issue with integrity impact only, and Emerson recommends upgrading to ValveLink 14.0 or later.
CVE-2025-52579 is a critical information-disclosure issue in Emerson ValveLink products. According to the CISA CSAF advisory, sensitive data was stored in cleartext in memory and could be written to disk, captured in a core dump, or remain uncleared after a crash or improper free. Emerson advises updating affected ValveLink products to version 14.0 or later.
CVE-2025-50109 is a high-severity information exposure issue in Emerson ValveLink products. According to CISA’s advisory, affected versions of ValveLink SOLO, DTM, PRM, and SNAP-ON before 14.0 may store sensitive information in cleartext in a resource that could be accessible across a control sphere boundary. Emerson recommends upgrading to ValveLink 14.0 or later.
CVE-2025-48496 is a search path vulnerability in Emerson ValveLink products. CISA’s advisory says the issue affects ValveLink SOLO, DTM, PRM, and SNAP-ON versions earlier than 14.0. The published CVSS 3.1 score is 5.1 (Medium), with local attack vector, high attack complexity, no privileges required, no user interaction, and high availability impact. Emerson’s recommended remediation is to update to Valve [truncated]
CVE-2025-46358 is a high-severity vulnerability in Emerson ValveLink products where the software does not use, or incorrectly uses, a protection mechanism sufficient to defend against directed attacks. CISA’s advisory lists ValveLink SOLO, DTM, PRM, and SNAP-ON versions before 14.0 as affected and recommends updating to ValveLink 14.0 or later.
CVE-2022-30268 is a medium-severity vulnerability affecting Emerson PACSystem industrial controllers and Fanuc VersaMax devices. The Winloader utility, used for firmware updates via serial port or serial-over-Ethernet connections, lacks authentication mechanisms. This allows an attacker with physical or network proximity to push malicious firmware images, potentially causing denial-of-service or enabling [truncated]
CVE-2022-30267 is a high-severity vulnerability (CVSS 7.5) affecting Emerson Ovation industrial control systems, published 2024-06-06. The vulnerability stems from missing authentication of firmware signing and reliance on insecure checksums for integrity verification. This weakness enables attackers to push malicious firmware images, potentially causing denial-of-service conditions or achieving remote co [truncated]
CVE-2022-30266 is a medium-severity vulnerability affecting Emerson PACSystem industrial controllers and Fanuc VersaMax devices. The issue stems from client-side JavaScript implementing a simple hashing scheme for credential protection. An attacker positioned to intercept network traffic could capture these hashes, strip the hashing mechanism, and recover plaintext credentials. However, multiple constrain [truncated]
A medium-severity vulnerability in Emerson PAC Machine Edition and PACSystem PLCs allows control logic to be downloaded without cryptographic authentication. The flaw affects logic written in IEC 61131-3 languages or C/ELF binary blocks, enabling an attacker with local access and high privileges to modify PLC logic without detection. Published June 6, 2024, this vulnerability carries a CVSS 3.1 score of 4 [truncated]
CVE-2022-30263 (published 2024-06-06) is a medium-severity vulnerability (CVSS 5.9) affecting Emerson PAC Machine Edition and multiple PACSystem PLC families (RXi, RX3i, RSTi-EP, VersaMax) as well as Fanuc VersaMax. The core issue is cleartext credential transmission in the affected products' protocol, which could allow network-based attackers to retrieve credentials and gain PLC control. The advisory not [truncated]
CVE-2022-29966 is a critical vulnerability in Emerson Ovation industrial control systems, published by CISA on June 6, 2024. The vulnerability stems from multiple protocols lacking authentication mechanisms, enabling unauthenticated remote attackers to modify controller configurations or induce denial-of-service conditions. The affected product is Emerson Ovation versions 3.8.0 Feature Pack 1 and earlier. [truncated]
CVE-2016-9347 is a medium-severity issue affecting Emerson DeltaV Wireless I/O Cards running firmware v13.3. The problem is that SSH is enabled unnecessarily on the SE4801T0X and SE4801T1X cards, increasing the management exposure of the device. Defenders should verify whether these cards are present, limit SSH exposure, and follow the linked vendor or ICS-CERT guidance for supported hardening steps.
CVE-2016-9345 describes a privilege-escalation issue in Emerson DeltaV Easy Security Management affecting DeltaV V12.3, V12.3.1, and V13.3. The published impact is that a local attacker may elevate privileges within the DeltaV control system. NVD classifies the issue as CVSS 6.8 (Medium) with a vector that includes adjacent access, high attack complexity, high privileges, no user interaction, and scope change.
CVE-2016-8348 is a critical XML External Entity (XXE) vulnerability affecting Emerson Liebert SiteScan Web version 6.5 and earlier. According to the NVD record, a weakly configured XML parser can be abused through malicious input, which may expose server or connected network file contents and can also lead to arbitrary code execution.