ICSA-20-140-02 · Published 2020-05-19 · View on CISA ICS-CERT ↗

Emerson OpenEnterprise

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.

CVEs (3)

CVE-2020-10640 CVE-2020-10632 CVE-2020-10636

Remediations

Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. OpenEnterprise Service Packs are available to users with access to the Emerson SupportNet system (login required). Details will be found in the downloads area.
Please send any questions via a SupportNet ticket or by contacting Emerson at US 800-537-9313. For users outside of the United States, please use international toll-free numbers.

Affected Vendors

Emerson

Affected Products (1)

Emerson · OpenEnterprise <=3.3.4

Affected Sectors

Energy, Chemical, Critical Manufacturing, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more