OTPulse
FeedAboutContact

Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability

Monitor5ICS-CERT ICSA-16-334-03Sep 2, 2016
Attack VectorAdjacent
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

The Emerson DeltaV SE4801T1X Simplex and SE4801T0X Redundant Wireless I/O Cards contain an open SSH port that does not enforce authentication controls. Version 13.3 is affected, and Emerson has indicated no fix will be planned for these end-of-life products. An attacker with network access could connect to the SSH port and potentially read configuration data or alter I/O settings without providing credentials.

What this means
What could happen
An attacker with network access to the wireless I/O card could gain unauthorized access via an open SSH port and potentially read sensitive data or make unauthorized changes to wireless I/O configurations. This could disrupt communication between the card and connected field devices in your DeltaV control system.
Who's at risk
Emerson DeltaV operators managing process automation systems with wireless I/O cards (SE4801T1X Simplex and SE4801T0X Redundant models) should be aware of this vulnerability. This affects any facility using DeltaV's wireless instrumentation for remote I/O in process plants, refineries, utilities, and manufacturing environments.
How it could be exploited
An attacker on the same network as the DeltaV Wireless I/O Card could connect directly to the open SSH port without credentials due to missing authentication controls. Once connected, they could interact with the card's management interface to extract configuration data or modify I/O settings that affect process operations.
Prerequisites
  • Network access to the DeltaV Wireless I/O Card on the management port (SSH, typically port 22)
  • Device must be reachable from the attacker's network segment or a compromised device on that segment
Remotely exploitableNo authentication required on SSH portNo patch available (end-of-life product)Affects field device communications in control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
SE4801T1X Simplex Wireless I/O Card: 13.313.3No fix (EOL)
SE4801T0X Redundant Wireless I/O Card: 13.313.3No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement network segmentation and firewall rules to restrict access to the DeltaV Wireless I/O Card management port (SSH) to only authorized engineering workstations and control systems
WORKAROUNDDisable SSH access on the Wireless I/O Card if remote management is not required; use only local serial or out-of-band management methods
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor and log all access attempts to the Wireless I/O Card SSH port to detect unauthorized connection attempts
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: SE4801T1X Simplex Wireless I/O Card: 13.3, SE4801T0X Redundant Wireless I/O Card: 13.3. Apply the following compensating controls:
HARDENINGReview Emerson's guidance on secure wireless I/O deployment and apply principle of least privilege to management access
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/8647f9ae-293c-4383-b20b-89c6bf7f228e
Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability | CVSS 5 - OTPulse