OTPulse
FeedAboutContact

Emerson DeltaV

Plan Patch8.8ICS-CERT ICSA-19-010-01Jan 10, 2019
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in Emerson DeltaV DCS allows an attacker on an adjacent network to send malformed packets that shut down critical services, causing denial of service. The vulnerability affects versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, and R6. No known public exploits exist, and this is not currently being actively exploited. Emerson has released patches available through the Guardian Support Portal.

What this means
What could happen
An attacker on an adjacent network could shut down DeltaV DCS services, causing a denial of service that interrupts process monitoring and control until the system is manually restarted.
Who's at risk
Water and electric utility operators running Emerson DeltaV DCS (Distributed Control System) in their SCADA environments. This affects process automation and monitoring equipment used in treatment plants, pump stations, and power generation facilities.
How it could be exploited
An attacker on the same network segment as the DeltaV DCS sends specially crafted packets that crash or shut down a critical service. No authentication or user interaction is required. The attacker must have network access to the DCS from an adjacent network.
Prerequisites
  • Network access from an adjacent network segment to the affected DeltaV DCS
  • No authentication required
  • No user interaction required
remotely exploitableno authentication requiredlow complexityaffects process availability and controlvulnerable versions widely deployed in utilities
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
DeltaV DCS:11.3.1 | 11.3.2 | 12.3.1 | 13.3.1 | 14.3 | R5.1 | ≤ R6No fix yet
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGLocate DeltaV DCS systems behind a firewall and isolate them from the business network to prevent adjacent network access
WORKAROUNDRestrict network access to DeltaV DCS to only authorized engineering workstations and control room devices; block external and business network connectivity
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply Emerson security patches available through the Guardian Support Portal to DeltaV DCS versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, or R6
Long-term hardening
0/1
HARDENINGReview and apply Emerson DeltaV Security Manual recommendations for secure deployment and configuration
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/176d0ae6-d137-443a-ac09-13466444de02
Emerson DeltaV | CVSS 8.8 - OTPulse