Emerson ROC800 Multiple Vulnerabilities (Update B)

CVEs (5)

Remediations

• The best mitigation for these vulnerabilities is to install the vendor patch. The Emerson Process Management patch is available via the following web link of which a user name and password is required: (http://www3.emersonprocess.com/remote/support/support_login.html)
• Emerson has identified and verified that a third-party secure router, the Moxa EDR-810, mitigates the identified vulnerabilities when used in combination with the ROC800 platform. At this time, Emerson recommends that concerned asset owners install the EDR 810 between the host and the field device to mitigate this vulnerability.
• The EDR-810 is a secure router with firewall capabilities. The compatibility of the EDR-810 with the ROC800 platform has been tested and verified by Emerson Remote Automation Solutions. Emerson has determined that the EDR-810 is suitable for field installation. The EDR‑810 uses IPSec for encryption and authentication of all IP packets at the network layer to ensure confidentiality and sender authentication.
• Additional information about the Moxa EDR-810 secure router is available at the following location: (http://www.moxa.com/product/EDR-810.htm)

Affected Vendors

Affected Products (3)