Security Advisory

Emerson AMS Device Manager Remote Access and Privilege Elevation

Network Share Exposure with Default Credentials; Local Credential Exposure

Risk Information

Limited Threat

CVE ID

CVE-2022-31652

CVE-2022-31653

Vunerability Type

Network Share Exposure with Default Credentials

Local Credential Exposure

CVSS3 Score

7.2

7.8

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AMS Device Manager: v14.5 an prior

Emerson plans to release a patch in the future.

01/25/2023