CVE-2022-30260

Name: CVE-2022-30260
Creator: NVD / NIST
Published: 2022-12-26T06:15:10.947+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.15%

Last modified Jun 17, 2026

CVE-2022-30260 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.

Description

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.15%

4.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
Emerson	Deltav Distributed Control System Sq Controller Firmware	< 14.3
Emerson	Deltav Distributed Control System Sx Controller Firmware	< 14.3
Emerson	Se4002s1t2b6 High Side 40-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4003s2b4 16-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4003s2b524-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4017p0 H1 I\/O Interface Card And Terminl Block Firmware	< 14.3
Emerson	Se4017p1 H1 I\/O Card With Integrated Power Firmware	< 14.3
Emerson	Se4019p0 Simplex H1 4-Port Plus Fieldbus I\/O Interface With Terminalblock Firmware	< 14.3
Emerson	Se4026 Virtual I\/O Module 2 Firmware	< 14.3
Emerson	Se4027 Virtual I\/O Module 2 Firmware	< 14.3
Emerson	Se4032s1t2b8 High Side 40-Pin Do Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4037p0 H1 I\/O Interface Card And Terminl Block Firmware	< 14.3
Emerson	Se4037p1 Redundant H1 I\/O Card With Integrated Power And Terminal Block Firmware	< 14.3
Emerson	Se4039p0 Redundant H1 4-Port Plus Fieldbus I\/O Interface With Terminalblock Firmware	< 14.3
Emerson	Se4052s1t2b6 High Side 40-Pin Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4082s1t2b8 High Side 40-Pin Do Mass I\/O Terminal Block Firmware	< 14.3
Emerson	Se4100 Simplex Ethernet I\/O Card \(Eioc\) Assembly Firmware	< 14.3
Emerson	Se4101 Simplex Ethernet I\/O Card \(Eioc\) Assembly Firmware	< 14.3
Emerson	Se4801t0x Redundant Wireless I\/O Card Firmware	< 14.3
Emerson	Ve4103 Modbus Tcp Interface For Ethernet Connected I\/O \(Eioc\) Firmware	< 14.3
Emerson	Ve4104 Ethernet\/Ip Control Tag Integration For Ethernet Connected I\/O \(Eioc\) Firmware	< 14.3
Emerson	Ve4105 Ethernet\/Ip Interface For Ethernet Connected I\/O \(Eioc\) Firmware	< 14.3
Emerson	Ve4106 Opc-Ua Client For Ethernet Connected I\/O \(Eioc\) Firmware	< 14.3
Emerson	Ve4107 Iec 61850 Mms Interface For Ethernet Connected I\/O \(Eioc\) Firmware	< 14.3

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03Third Party Advisory, US Government Resource
https://www.forescout.com/blog/Not Applicable, Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03Third Party Advisory, US Government Resource
https://www.forescout.com/blog/Not Applicable, Third Party Advisory

Timeline

Published: Dec 26, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-30260?

How severe is CVE-2022-30260?

CVE-2022-30260 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.15% probability of exploitation in the next 30 days.

How do I fix CVE-2022-30260?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-30260?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST