← Back to home
ICSA-20-135-02  ·  Published 2020-05-14  ·  View on CISA ICS-CERT ↗

Emerson WirelessHART Gateway

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could disable the internal gateway firewall. Once the gateway's firewall is disabled, a malicious user could issue specific commands to the gateway, which could then be forwarded on to the end user's wireless devices.

CVEs (1)

Remediations

  • Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.
  • If the VLAN feature is not enabled, no immediate action is necessary. Please see Emerson's cybersecurity notification alert number EMR.RMT20001-1 for more information.

Affected Vendors

Emerson

Affected Products (3)

Emerson · Wireless 1420 Gateway >= 4.6.43 | <= 4.7.84
Emerson · Wireless 1552WU Gateway >= 4.6.43 | <= 4.7.84
Emerson · Wireless 1410 Gateway >= 4.6.43 | <= 4.7.84

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more