Emerson ControlWave Micro Process Automation Controller
Plan Patch7.5ICS-CERT ICSA-18-058-03Feb 27, 2018
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
ControlWave Micro Process Automation Controller running firmware CWM v.05.78.00 and prior contains a stack-based buffer overflow vulnerability (CWE-121) that can be triggered remotely without authentication. The vulnerability allows denial of service attacks against the controller.
What this means
What could happen
An attacker on your network could crash the ControlWave Micro controller, disrupting process automation and potentially causing unplanned shutdowns of controlled equipment until the device is manually restarted.
Who's at risk
Water authorities and utilities operating Emerson ControlWave Micro controllers for process automation. These devices control critical equipment such as pumping stations, treatment processes, and distribution systems. Any facility using ControlWave Micro with firmware version 05.78.00 or earlier is vulnerable.
How it could be exploited
An attacker sends a crafted network packet to the ControlWave Micro controller that exploits a stack buffer overflow in the firmware. The overflow corrupts controller memory and crashes the device, causing denial of service. No credentials or special configuration are required.
Prerequisites
- Network access to the ControlWave Micro controller on the port it listens on
- Device running firmware version 05.78.00 or earlier
remotely exploitableno authentication requiredlow complexityaffects process automation systemsdenial of service impact
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (1)
ProductAffected VersionsFix Status
ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior≤ 05.78.0005.79.00
Remediation & Mitigation
0/3
Do now
0/1HARDENINGRestrict network access to ControlWave Micro controllers using firewall rules—allow only engineering workstations and authorized automation servers to communicate with these devices
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpgrade ControlWave Micro firmware to version 05.79.00 or later
Long-term hardening
0/1HARDENINGSegment ControlWave Micro controllers onto a dedicated process automation network isolated from the corporate network
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/0f12f01d-e0a9-40de-8e96-afc8da61a382