ICSA-18-270-01 · Published 2018-09-27
Emerson AMS Device Manager
CVSS 10.0 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection.
CVEs (2)
Remediations
- AMS Device Manager v12.0 to v13.5: Software patches are available to users with access to the Guardian Support Portal at:
- Please refer to the Knowledge Base Articles for AMS NK-1700-0324, NK-1700-0252 and DeltaV NK-1800-0880 (DSN 18006) for more information.
- To limit exposure to these and other vulnerabilities, Emerson recommends deploying and configuring AMS Device Manager as described in the AMS Device Manager Installation Guide, which is available in Emerson's Guardian Support Portal.
- Vulnerability CVE-2018-14808 cannot be exploited if application whitelisting is implemented, since whitelisting would prevent files from being overwritten.
Affected Vendors
Emerson
Affected Products (1)
- Emerson AMS Device Manager: >= 12.0, <= 13.5
Affected Sectors
Chemical, Energy