Emerson’s OpenEnterprise SCADA software has Inadequate Encryption Strength. Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems. This may result in security bypass.
OpenEnterprise All versions through 3.3.5
Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 6 (3.3.6), to resolve this issue. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required).