CVE-2025-46358 | THREATINT

Description

Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

PUBLISHED Reserved 2025-06-30 | Published 2025-07-10 | Updated 2025-07-11 | Assigner icscert

HIGH: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

Product status

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Credits

Emerson reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-189-01

www.emerson.com/en-us/support/security-notifications

www.emerson.com/en-us/support/software-downloads-drivers

cve.org (CVE-2025-46358)

nvd.nist.gov (CVE-2025-46358)

Download JSON

help @ threatint.eu