Emerson DeltaV Multiple Vulnerabilities

Low RiskICS-CERT ICSA-12-138-01Feb 18, 2012

Summary

Emerson DeltaV versions 9.3.1, 10.3.1, 11.3, and 11.3.1 contain multiple vulnerabilities including buffer overflow (CWE-119), unrestricted resource consumption (CWE-400), cross-site scripting (CWE-79), and SQL injection (CWE-89). These vulnerabilities affect the DeltaV distributed control system, engineering workstations, and the ProEssentials Scientific Graph charting component (V5.0.0.6). An attacker could exploit these to execute arbitrary code, modify control logic, or disrupt process operations.

What this means

What could happen

An attacker could execute arbitrary code on DeltaV control systems or workstations, potentially disrupting process control, altering setpoints, or causing equipment shutdown. The ProEssentials charting component could be exploited to gain elevated access or bypass security controls on engineering workstations.

Who's at risk

This affects process manufacturing, chemical plants, and petrochemical facilities using Emerson DeltaV distributed control systems. Engineering teams and control room operators using DeltaV workstations are at risk. Organizations relying on ProEssentials graphical charting for real-time process visualization and monitoring are vulnerable.

How it could be exploited

An attacker with network access to the DeltaV system or workstation could send crafted input to trigger a buffer overflow (CWE-119), SQL injection (CWE-89), or XSS attack (CWE-79) through the web interface or client application. The ProEssentials graphing component may be exploited through malicious chart data or files loaded on an engineering workstation, allowing code execution in the context of the application.

Prerequisites

Network access to DeltaV web interface or client application port
User interaction to open a malicious chart file or visit compromised web content (for ProEssentials)
Knowledge of DeltaV system structure or default configuration

No patch availableBuffer overflow vulnerabilitySQL injection possibleCross-site scripting (XSS) possibleAffects control system core components

Exploitability

Moderate exploit probability (EPSS 2.4%)

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

DeltaV: 9.3.1|10.3.1|11.3|11.3.19.3.1|10.3.1|11.3|11.3.1No fix (EOL)

DeltaV ProEssentials Scientific Graph: V5.0.0.6V5.0.0.6No fix (EOL)

DeltaV Workstations: 9.3.1|10.3.1|11.3|11.3.19.3.1|10.3.1|11.3|11.3.1No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGDisable or restrict unnecessary web services and plugins on DeltaV systems and workstations

WORKAROUNDMonitor DeltaV systems for unusual process behavior, unexpected network connections, or attempts to modify control logic

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGApply input validation and output encoding controls to web interfaces to prevent injection attacks

HARDENINGRestrict user permissions on engineering workstations to prevent unauthorized ProEssentials component use

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: DeltaV: 9.3.1|10.3.1|11.3|11.3.1, DeltaV ProEssentials Scientific Graph: V5.0.0.6, DeltaV Workstations: 9.3.1|10.3.1|11.3|11.3.1. Apply the following compensating controls:

HARDENINGImplement network segmentation to restrict access to DeltaV systems and engineering workstations from untrusted networks

CVEs (5)

CVE-2012-1817 CVE-2012-1816 CVE-2012-1818 CVE-2012-1814 CVE-2012-1815

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/35e2ba3d-5aea-4257-ae70-2a5ce5a4e8d9