Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00077Percentile:
0.23721
CVSS Scoring
CVSS v3.1 Score: 5.5
Severity: MEDIUM
Mapped CWE(s)
CWE-798
: Use of Hard-coded Credentials
All CAPEC(s)
CAPEC-191 : Read Sensitive Constants Within an Executable
CAPEC-70 : Try Common or Default Usernames and Passwords
CAPEC(s) with Mapped TTPs
CAPEC-191 : Read Sensitive Constants Within an Executable
Mapped TTPs:
CAPEC-70 : Try Common or Default Usernames and Passwords
Mapped TTPs:
Mapped ATT&CK TTPs
T1552.001
: Credentials In Files
Kill Chain: credential-access
T1078.001
: Default Accounts
Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Leviathan Australian Intrusions HomeLand Justice
Affected Products
cpe:2.3:a:emerson:openbsi:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:-:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:sp1:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:sp2:*:*:*:*:*:*
cpe:2.3:a:emerson:openbsi:5.9:sp3:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me