ICSA-24-158-01  ·  Published 2024-06-06

Emerson PACSystem and Fanuc

CVSS 5.9 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow remote code execution, loss of sensitive information, or a denial-of-service condition.

Remediations

Emerson recommends the following:

  • For CVE-2022-30263, see the following sections of PACSystems RXi, RX3i and RSTi-EP Secure Deployment Guide (GFK-2830Y):
      • 2.4 General Recommendations
      • 4.3.3 Secure Login
      • 4.3.4 Recommendations, Paragraph 2
      • If SRP6-a is not being used to secure authentication, see Section 2.4 General Recommendations and Section 6.1 Reference Architecture
      • 5.2.1.1 Disabling Ethernet Services
  • For CVE-2022-30268, see the following sections of PACSystems RXi, RX3i and RSTi-EP Secure Deployment Guide (GFK-2830Y):
      • 4.3 Authentication
      • 4.3.4 Recommendations, Paragraph 3
      • 4.3.4.1 Personnel Security Protection
      • 4.3.4.2 Physical Security Perimeter Protection
  • Emerson has updated the Fanuc VersaMax Secure Deployment Guide (GFK-2955D) to include the above recommendations for CVE-2022-30268.
  • For CVE-2022-30266, see the following sections of PACSystems RXi, RX3i and RSTi-EP Secure Deployment Guide (GFK-2830Y):
      • 2.4 General Recommendations
      • 5.2.1.1 Disabling Ethernet Services
      • 6.1 Reference Architecture
  • For CVE-2022-30265, see the following sections of the PACSystems RXi, RX3i and RSTi-EP Secure Deployment Guide (GFK-2830Y):
      • 4.3.4.1 Personnel Security Protection
      • 4.3.4.2 Physical Security Perimeter Protection

Affected Vendors

Emerson

Affected Products (6)

Emerson · PAC Machine Edition vers:all/*
Emerson · PACSystem RXi vers:all/*
Emerson · PACSystem RX3i vers:all/*
Emerson · PACSystem RSTi-EP vers:all/*
Emerson · PACSystem VersaMax vers:all/*
Emerson · Fanuc VersaMax vers:all/*

Affected Sectors

Energy
