← Back to home
ICSA-20-063-01  ·  Published 2020-03-03  ·  View on CISA ICS-CERT ↗

Emerson ValveLink

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow arbitrary code execution.

CVEs (1)

Remediations

  • ValveLink, v12.0.264 to v13.4.118: Apply upgrade for ValveLink v13.4.123 or higher.
  • Software upgrades are available to users by contacting an Emerson Impact Partner. AMS, Ovation, and DeltaV users with ValveLink can download the update through the Guardian Support Portal.
  • To limit exposure to this vulnerability, Emerson recommends immediately deploying and configuring the latest version of ValveLink as described in the ValveLink installation guide.

Affected Vendors

Emerson

Affected Products (1)

Emerson · ValveLink >= 12.0.264 | <= 13.4.118

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Healthcare and Public Health, Nuclear Reactors, Materials and Waste, Transportation Systems, Water

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more