Primary

Context

Emerson ValveLink Products Cleartext Storage of Sensitive Information Vulnerability

Vulnerability

Patched

A vulnerability exists in Emerson ValveLink products, including ValveLink SOLO, DTM, PRM, and SNAP-ON, all versions prior to 14.0. These products store sensitive information in cleartext in memory, which could be saved to disk, included in a core dump, or left uncleared after a crash. This vulnerability could allow an attacker to read sensitive information, tamper with parameters, and execute unauthorized code.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, manipulation of system parameters, and execution of unauthorized code on the affected system.

Remediation

Users are advised to update to ValveLink 14.0 or later. The update is available on the Emerson website. For more information, refer to the Emerson security notification regarding ValveLink.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

3.8

exploitability

4.7

remediation

7.9

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

3.8

exploitability

4.7

remediation

7.9

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Emerson ValveLink Products Cleartext Storage of Sensitive Information Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Emerson ValveLink SOLO

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating