← Back to home
ICSA-13-053-01  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Emerson DeltaV Uncontroller Resource Consumption Vulnerability

CVSS 6.1 MEDIUM

CVEs (1)

Remediations

  • Emerson has created a hotfix that resolves this vulnerability. Customer notification KBA_NK-1300-0007 will be sent to customers who own a DeltaV control system. The notification provides details of the vulnerability, recommended mitigations, and instructions on obtaining and installing the hotfix. Emerson recommends that customers using DeltaV v7.x, v8.x, v9.3.x, v10.3, and v11.3 or earlier update to DeltaV v10.3.1 or v11.3.1 or install the DeltaV Controller Firewall to mitigate this vulnerability. Customers can obtain the customer notification by contacting their Emerson sales office.
  • According to Emerson and confirmed by Joel Langill, the DeltaV Controller Firewall mitigates this vulnerability
  • however, Emerson recommends that all users install the hotfix.

Affected Vendors

Emerson

Affected Products (5)

Emerson · DeltaV SE3006 SD Plus Controller <=11.3.1
Emerson · DeltaV VE3005 Controller MD Hardware <=10.3.1
Emerson · DeltaV VE3005 Controller MD Hardware <=11.3.1
Emerson · DeltaV VE3006 Controller MD PLUS Hardware <=10.3.1
Emerson · DeltaV VE3006 Controller MD PLUS Hardware <=11.3.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more