CVE-2025-50109 | THREATINT

Description

Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.

PUBLISHED Reserved 2025-06-30 | Published 2025-07-10 | Updated 2025-07-11 | Assigner icscert

HIGH: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

Product status

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Default status

unaffected

Any version before ValveLink 14.0

affected

Credits

Emerson reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-189-01

www.emerson.com/en-us/support/security-notifications

www.emerson.com/en-us/support/software-downloads-drivers

cve.org (CVE-2025-50109)

nvd.nist.gov (CVE-2025-50109)

Download JSON

help @ threatint.eu