ICSA-15-111-01  ·  Published 2025-06-06

Emerson AMS Device Manager SQL Injection Vulnerability

CVSS 6.5 MEDIUM

CVEs (1)

Remediations

  • Emerson recommends that systems using the AMS Device Manager application take the following steps soon to eliminate exposure to this vulnerability.
  • AMS Device Manager application v12.5: Apply the patch according to the instructions in Knowledge Base Article NK-1400-0504 (http://www3.emersonprocess.com/Systems/Support/Home/index.aspx, login required), upgrade to v13, or apply the workaround below.
  • Versions prior to AMS Device Manager v12.5: The AMS Device Manager software can be configured to add another user (e.g., ADMIN1) with full administrative privileges and make the default administrative user have read-only privileges. Please see DeltaV PSIRT advisory notification DSN15003-2 for more details on this issue at the following location (may require membership account): http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability

Affected Vendors

Emerson

Affected Products (1)

Emerson · AMS Device Manager <=V12.5
