Emerson DeltaV Easy Security Management Application Vulnerability

Monitor6.8ICS-CERT ICSA-16-334-02Sep 2, 2016

Attack VectorAdjacent

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

The Emerson DeltaV Easy Security Management Application contains an improper privilege management vulnerability (CWE-269) that allows an authenticated administrator to bypass authorization checks. An attacker with administrative credentials could circumvent security controls to access unauthorized functions or data within the control system. The vulnerability affects DeltaV versions 12.3, 12.3.1, and 13.3. No vendor patch is available for any affected version.

What this means

What could happen

An attacker with administrative access to the DeltaV Easy Security Management Application could bypass security controls and gain unauthorized access to the control system, potentially allowing them to modify process configurations or view sensitive system data.

Who's at risk

Process manufacturing facilities and utilities using Emerson DeltaV control systems for automation, particularly organizations that have deployed the Easy Security Management Application for user access control. This affects anyone relying on DeltaV for critical process control.

How it could be exploited

An attacker with administrative credentials on the DeltaV system must access the Easy Security Management Application locally or over the network. The attacker can then exploit improper privilege management to bypass authorization checks and access protected functions or data they should not have access to.

Prerequisites

Administrative credentials for the DeltaV system
Access to the DeltaV Easy Security Management Application (local or network access)
Knowledge of the specific authorization bypass method

No patch availableRequires administrative credentialsAffects process control system authorizationModerate CVSS score (6.8)

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (3)

3 pending

ProductAffected VersionsFix Status

DeltaV: V12.3V12.3No fix yet

DeltaV: V12.3.1V12.3.1No fix yet

DeltaV: V13.3V13.3No fix yet

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDMonitor access logs and activity on the DeltaV system for unauthorized administrative attempts or unusual privilege escalation

Long-term hardening

0/2

HARDENINGNetwork segment the DeltaV system to restrict access to the Easy Security Management Application from only authorized engineering workstations

HARDENINGLimit administrative access to DeltaV systems; ensure only essential personnel have credentials and enforce strong password policies

CVEs (1)

CVE-2016-9345

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2f650b4f-f208-48ae-83be-c323f9213e70