ICSA-18-228-01 · Published 2018-08-16 · View on CISA ICS-CERT ↗

Emerson DeltaV DCS Workstations

CVSS 9.6 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations.

CVE-2018-14797 CVE-2018-14795 CVE-2018-14791 CVE-2018-14793

DeltaV DCS Versions: 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5: Apply patch from vendor.
Software patches are available to users with access to the Guardian Support Portal at https://guardian.emersonprocess.com/. Please refer to the Knowledge Base Article AK-1800- 0042 (DSN18003) for more information.
Vulnerabilities CVE-2018-14797, CVE-2018-14795, and CVE-2018-14791 cannot be exploited if application whitelisting is implemented since it would prevent files from being overwritten.
To limit exposure to these and other vulnerabilities, Emerson recommends deploying and configuring DeltaV systems and related components as described in the DeltaV Security Manual, which is available in Emerson's Guardian Support Portal.

Emerson

Emerson · DeltaV 11.3.1 | 12.3.1 | 13.3.0 | 13.3.1 R5

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.