← Back to home
ICSA-22-221-02  ·  Published 2022-08-09  ·  View on CISA ICS-CERT ↗

Emerson ControlWave

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could cause file manipulation, remote code execution, or denial-of-service.

CVEs (1)

Remediations

  • Emerson ControlWave firmware updates can be restricted by the following methods: A hardware switch can be set to block remote firmware download. System variable “_APPLICATION_LOCKED” can be set TRUE to disable remote firmware download. Before installing firmware into the RTU, confirm the MD5/SHA256 Hashes published by Emerson on SupportNet (login required) match the firmware image, confirming it is genuine and unmodified.

Affected Vendors

Emerson

Affected Products (1)

Emerson · ControlWave vers:all/*

Affected Sectors

Oil & Gas, Petrochemical, Chemical, Life Sciences, Water and Wastewater, etc

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more