ICSA-22-181-03 · Published 2022-06-30 · View on CISA ICS-CERT ↗

Emerson DeltaV Distributed Control System

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities can result in a denial-of-service condition, manipulation of runtime communications, or compromise of a controller.

CVEs (6)

CVE-2022-29957 CVE-2022-29962 CVE-2022-29963 CVE-2022-29964 CVE-2022-30260 CVE-2022-29965

Remediations

Emerson corrected the Firmware image verification vulnerability in Version 14.3 and mitigated it in all other versions. Please see the Emerson Guardian Support Portal (login required) for more information.
Emerson has mitigated CVE-2022-29962, CVE-2022-29963, and CVE-2022-29964 in all currently supported versions of DeltaV. Please see the Emerson Guardian Support Portal (login required) for more information.
Emerson has corrected CVE-2022-29965 in all currently supported versions of DeltaV. For additional mitigations and preventative measures, please see the Emerson Guardian Support Portal (login required).

Affected Vendors

Emerson

Affected Products (5)

Emerson · DeltaV CIOC/EIOC/WIOC IO cards vers:all/*

Emerson · DeltaV M-series vers:all/*

Emerson · DeltaV P-series vers:all/*

Emerson · DeltaV SIS vers:all/*

Emerson · DeltaV S-series vers:all/*

Affected Sectors

Multiple Sectors

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more