ICSA-21-278-02 · Published 2021-10-05 · View on CISA ICS-CERT ↗

Emerson WirelessHART Gateway

CVSS 8.0 HIGH

Risk Summary

Successful exploitation of these vulnerabilities by an authenticated user can allow root level arbitrary write permission, which can lead to remote code execution.

CVEs (6)

CVE-2021-42539 CVE-2021-38485 CVE-2021-42542 CVE-2021-42540 CVE-2021-42538 CVE-2021-42536

Remediations

Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.
Users can visit the Emerson Gate Firmware site for and download instructions.
If affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide.

Affected Vendors

Emerson

Affected Products (3)

Emerson · WirelessHART 1420 Gateway < 4.7.94

Emerson · WirelessHART 1410 Gateway < 4.7.94

Emerson · WirelessHART 1410D Gateway < 4.7.94

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more