Authentication bypass in Emerson DeltaV

Published: 2019-01-11 09:53:16
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-19021
CVSSv3: 7.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-592
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: DeltaV
Vulnerable software versions: DeltaV R6, DeltaV R5.1, DeltaV 14.3


Vendor URL: Emerson

Security Advisory

1) Authorization bypass

Description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An adjacent unauthenticated attacker can supply a specially crafted script to bypass authentication on a service's maintenance port and cause a denial of service.

Remediation

Install the update from the vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01
