ICSA-13-259-01A · Published 2025-06-06
Emerson ROC800 Multiple Vulnerabilities (Update A)
CVSS 10.0 (CRITICAL)
Remediations
- The best mitigation for these vulnerabilities is to install the vendor patch. The Emerson Process Management patch is available at the following link, which requires a user name and password: (http://www3.emersonprocess.com/remote/support/support_login.html)
- Emerson has identified and verified that a third-party secure router, the Moxa EDR-810, mitigates the identified vulnerabilities when used in combination with the ROC800 platform. Emerson asserts that by adding the EDR-810 between the host and the field device it is virtually impossible for an attacker to eavesdrop on communications or falsify commands.
- The EDR-810 is a highly integrated industrial multiport secure router with Firewall/NAT/VPN. The compatibility of the EDR-810 with the ROC800 platform has been tested and verified by Emerson Remote Automation Solutions. Emerson has determined that the EDR-810 is suitable for field installation. The EDR-810 uses IPSec server or client mode for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentication.
- Additional information about the Moxa EDR-810 secure router is available at the following location: (http://www.moxa.com/product/EDR-810.htm)
Affected Vendors
Emerson Process Management
Affected Products (3)
- Emerson Process Management · ROC800 <=3.50
- Emerson Process Management · DL8000 <=2.30
- Emerson Process Management · ROC800L <=1.20