Vulnerability identifier: #VU14447
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-121
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
DeltaV
Hardware solutions /
Firmware
Vendor: Emerson
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow. An adjacent attacker can use open communication port to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
DeltaV: 11.3.1 - 13.3.1
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-228-01
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.