OTPulse

Emerson DeltaV Vulnerabilities

Low Risk · ICS-CERT ICSA-14-133-02 · Feb 13, 2014
Summary

Emerson DeltaV contains improper access control vulnerabilities (CWE-285: Improper Authorization, CWE-798: Use of Hard-Coded Credentials) affecting versions 10.3.1, 11.3, 11.3.1, and 12.3. The vulnerabilities allow unauthorized access to the DeltaV control system.

What this means
What could happen
An attacker with network access to DeltaV could gain unauthorized control over the process automation system, potentially allowing modification of control logic, setpoints, alarms, or complete disruption of operations at water treatment, electric generation, or other critical infrastructure facilities.
Who's at risk
Water utilities, electric utilities, refineries, and chemical plants using Emerson DeltaV as their primary process control system. Any organization relying on DeltaV for automation of critical manufacturing or infrastructure processes should evaluate exposure, particularly those with DeltaV systems directly connected to corporate networks or accessible from outside the plant.
How it could be exploited
An attacker on the network could exploit improper access controls or hard-coded credentials to authenticate to DeltaV without valid engineering credentials, gaining direct access to the control system. Once authenticated, they could manipulate process parameters or shut down operations.
Prerequisites
  • Network access to DeltaV system (port 502 or engineering network)
  • Knowledge of hard-coded credentials or default account names (if CWE-798 is primary vector)
  • No patch available
  • Improper authorization controls
  • Hard-coded credentials likely present
  • Affects safety-critical process control systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: DeltaV
Affected Versions: 10.3.1, 11.3, 11.3.1, 12.3
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate DeltaV engineering network from corporate IT network using air gap or one-way firewall rules; restrict access to DeltaV to authorized engineering workstations only
HARDENING: Implement network segmentation and access controls to prevent unauthorized DeltaV access from outside the control network
WORKAROUND: Enable and review DeltaV audit logging to detect unauthorized access attempts or configuration changes
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Conduct inventory of all DeltaV instances and verify which versions are deployed
Long-term hardening
HOTFIX: Develop and test migration plan to upgrade to a newer, patched version of DeltaV or alternative control platform