Emerson DeltaV DCS Workstations fixed several vulnerabilities recently, including path traversal, privilege escalation, stack-based buffer overflow, etc. The highest CVSS 3.0 base score is 9.6. Emerson has released patches to address these problems.
For detailed information, please visit: https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01

Description

  • CVE-2018-14797
    CVSS v3: 8.2
    A specially crafted DLL file may be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution.

 

  • CVE-2018-14795
    CVSS v3: 8.8
    Improper path validation may allow attackers to replace executable files.

 

  • CVE-2018-14791
    CVSS v3: 8.2
    Non-administrative users are allowed to change executable and library files on the affected products.

 

  •  CVE-2018-14793
    CVSS v3: 9.6
    An open communication port could be exploited for arbitrary code execution.

Affected Versions

  • DeltaV: v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5

Solution

Software patches are available to users with access to the Guardian Support Portal at https://guardian.emersonprocess.com/

Leave a Reply

Your email address will not be published. Required fields are marked *