CVE-2025-52579

Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it.

CVSS v3 9.4 CRITICAL

9.4^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
https://www.emerson.com/en-us/support/security-notifications
https://www.emerson.com/en-us/support/software-downloads-drivers

Configurations

No configuration.

History

15 Jul 2025, 13:14

Type	Values Removed	Values Added
Summary		(es) Los productos Emerson ValveLink almacenan información confidencial en texto plano en la memoria. Esta información confidencial podría guardarse en disco, almacenarse en un volcado de memoria o permanecer sin borrar si el producto falla o si el programador no la borra correctamente antes de liberarla.

11 Jul 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 00:15

Updated : 2025-07-15 13:14

NVD link : CVE-2025-52579

Mitre link : CVE-2025-52579

CVE.ORG link : CVE-2025-52579

JSON object : View

Products Affected

No product.

CWE

CWE-316

Cleartext Storage of Sensitive Information in Memory

{"id": "CVE-2025-52579", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T00:15:26.597", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-189-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.emerson.com/en-us/support/security-notifications", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.emerson.com/en-us/support/software-downloads-drivers", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-316"}]}], "descriptions": [{"lang": "en", "value": "Emerson ValveLink Products store sensitive information in cleartext in memory. The \nsensitive memory might be saved to disk, stored in a core dump, or \nremain uncleared if the product crashes, or if the programmer does not \nproperly clear the memory before freeing it."}, {"lang": "es", "value": "Los productos Emerson ValveLink almacenan informaci\u00f3n confidencial en texto plano en la memoria. Esta informaci\u00f3n confidencial podr\u00eda guardarse en disco, almacenarse en un volcado de memoria o permanecer sin borrar si el producto falla o si el programador no la borra correctamente antes de liberarla."}], "lastModified": "2025-07-15T13:14:49.980", "sourceIdentifier": "ics-cert@hq.dhs.gov"}