ICSA-24-030-01 · Published 2025-06-10 · View on CISA ICS-CERT ↗

Emerson Rosemount GC370XA, GC700XA, GC1500XA

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities.

CVEs (4)

CVE-2023-46687 CVE-2023-49716 CVE-2023-51761 CVE-2023-43609

Remediations

Emerson recommends end users update the affected products' firmware. For update information, contact Emerson Tech Support ([email protected]). Emerson recommends end users continue to use current cybersecurity industry best practices, and in the event such infrastructure is not implemented within an end user's network, the user should take action to ensure the affected product is connected to a well-protected network and not connected to the Internet.
For more information, refer to the Emerson Security web page.

Affected Vendors

Emerson

Affected Products (3)

Emerson · GC370XA <=4.1.5

Emerson · GC700XA <=4.1.5

Emerson · GC1500XA <=4.1.5

Affected Sectors

Energy, Chemical

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more