Emerson DeltaV Buffer Overflow
Low Risk | ICS-CERT ICSA-12-265-01 | Jun 25, 2012
Summary
A buffer overflow vulnerability exists in Emerson DeltaV versions V9.3.1, V10.3.1, V11.3, and V11.3.1. No patched version is currently available from the vendor. The vulnerability could allow remote code execution on affected DeltaV systems.
What this means
What could happen
A buffer overflow in Emerson DeltaV could allow an attacker to execute arbitrary code on the control system, potentially disrupting process operations or altering setpoints in critical industrial processes.
Who's at risk
Organizations running Emerson DeltaV control systems in process manufacturing, petrochemical, power generation, or water treatment facilities should assess this risk. This affects all users of DeltaV versions V9.3.1 through V11.3.1.
How it could be exploited
An attacker with network access to a DeltaV system could send a specially crafted input to trigger the buffer overflow, gain code execution on the DeltaV platform, and then manipulate process logic or operations.
Prerequisites
- Network access to DeltaV system on the affected port or service
- DeltaV version V9.3.1, V10.3.1, V11.3, or V11.3.1
- No patch available
- Buffer overflow vulnerability (low complexity exploitation)
- Affects distributed control systems used in critical infrastructure
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (4)
4 EOL
Product | Affected Versions | Fix Status
DeltaV: V9.3.1 | V9.3.1 | No fix (EOL)
DeltaV: V10.3.1 | V10.3.1 | No fix (EOL)
DeltaV: V11.3 | V11.3 | No fix (EOL)
DeltaV: V11.3.1 | V11.3.1 | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
WORKAROUND: Maintain offline backups of critical DeltaV configurations and process logic to enable rapid recovery if systems are compromised
Mitigations - no patch available
The following products have reached End of Life with no planned fix: DeltaV: V9.3.1, DeltaV: V10.3.1, DeltaV: V11.3, DeltaV: V11.3.1. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate DeltaV systems from untrusted networks and limit access to engineering workstations only
HARDENING: Apply defense-in-depth controls such as firewalls, intrusion detection, and access control lists to restrict network traffic to DeltaV systems
HARDENING: Monitor DeltaV systems for suspicious network traffic and unauthorized access attempts
CVEs (1)