CVE-2014-2349

CVE-2014-2349: Emerson DeltaV Use of Improper Authorization

Vendor Emerson

Product DeltaV

Weakness CWE-285

Published May 22, 2014

Last update October 31, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.

Key dates

02Disclosure timeline

May 22, 2014 CVE published

October 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2014-2349 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2014-2349

CWE CWE-285

Affected versions

Vendor Emerson

Product DeltaV

Affected 10.3.1

Vendor Emerson

Product DeltaV

Affected 11.3

Vendor Emerson

Product DeltaV

Affected 11.3.1

Vendor Emerson

Product DeltaV

Affected 12.3

CVE-2014-2349: Emerson DeltaV Use of Improper Authorization

01Description

02Disclosure timeline

03References

04Related CVE