Risk Summary
Successful exploitation of these vulnerabilities could allow remote code execution, loss of sensitive information, denial-of-service, or allow an attacker to modify the controller configuration.
CVEs (2)
Remediations
- Emerson recommends the following:
- Upgrade to the currently available release of Ovation 3.8.0 Feature Pack 3 for remediation of many of the identified vulnerabilities.
- Users are advised to consider the use of OCR3000 controllers, which offer an extra layer of protection that is not available to older controller models.
- Deploy and configure Ovation systems and related components as described in the Cybersecurity for Ovation Systems manual (OVREF1000). Ovation Users' Group Website (User Manuals Reference Manuals) (login required)
- Users with questions or concerns regarding the impact of these vulnerabilities on Ovation should contact the Ovation-CERT by [email protected] or phone (1-800-445-9723, option 3).
Affected Vendors
Emerson
Affected Products (1)
Emerson
·
Ovation
<=3.8.0_Feature_Pack_1
Affected Sectors
Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more