OTPulse

Emerson OpenEnterprise

Plan Patch · 8.1 · ICS-CERT ICSA-20-049-02 · Feb 18, 2020
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

OpenEnterprise SCADA Server contains a memory corruption vulnerability in the Modbus and ROC interface components that could allow remote code execution without authentication. Affected versions are 2.83 (if Modbus/ROC installed) and 3.1 through 3.3.3. Exploitation requires network access and high skill level; no public exploits are known.

What this means
What could happen
An attacker could execute arbitrary code on your OpenEnterprise SCADA server, potentially allowing them to alter process logic, modify setpoints, or disrupt energy distribution control. This gives direct control over critical infrastructure operations.
Who's at risk
Energy utilities and SCADA operators running OpenEnterprise server for supervisory control and data acquisition, particularly those using Modbus or ROC protocol interfaces to communicate with remote terminal units (RTUs) and programmable logic controllers (PLCs).
How it could be exploited
An attacker with network access to the OpenEnterprise server could exploit a memory corruption vulnerability (CWE-122) in the Modbus or ROC interface components to execute code remotely. The attack requires no user interaction and has high complexity, but results in full code execution on the SCADA server.
Prerequisites
  • Network access to OpenEnterprise server port/interface
  • Modbus or ROC interfaces must be installed and enabled
  • No authentication required to trigger the vulnerability
remotely exploitable · no authentication required · high CVSS score (8.1) · affects SCADA/critical infrastructure · code execution possible · memory corruption vulnerability
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (2)
1 with fix, 1 pending
Product | Affected Versions | Fix Status
OpenEnterprise: Server 2.83 is affected if Modbus or ROC Interfaces have been installed and are in use | 2.83 | No fix yet
OpenEnterprise 3.1 through 3.3.3: all versions | All versions | 3.3.4
Remediation & Mitigation
Do now
HARDENING: Place the OpenEnterprise server behind a firewall and isolate it from the business network
WORKAROUND: Disable the Modbus and ROC interfaces if they are not actively in use
HARDENING: Restrict network access to the OpenEnterprise server to authorized workstations only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade OpenEnterprise to version 3.3.4 (Service Pack 4) or later
Long-term hardening
HARDENING: If remote access to OpenEnterprise is required, use a VPN with current security patches
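
The affected-versions table and remediation steps above can be applied to an asset inventory as follows. This is an added example, not part of the advisory or any Emerson tooling; the Asset record, its field names, the host names and the status labels are hypothetical, and builds between 3.3.3 and 3.3.4 are assumed to be affected.

```python
from dataclasses import dataclass

FIXED = (3, 3, 4)  # first fixed release named in the advisory

@dataclass
class Asset:  # hypothetical inventory record
    host: str
    version: str
    modbus_roc_in_use: bool

def parse_version(text):
    """'3.3.3' -> (3, 3, 3), padded to three parts; ValueError otherwise."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def triage(asset):
    """Return (status, action) for one server, following the advisory."""
    try:
        v = parse_version(asset.version)
    except ValueError:
        return "unknown", "version unreadable; verify manually"
    if v[:2] == (2, 83):
        if asset.modbus_roc_in_use:
            return "affected", "no fix yet; disable unused Modbus/ROC, restrict network access"
        return "not affected", "Modbus/ROC interfaces not in use"
    # Assumption: any build from 3.1 up to (not including) 3.3.4 is affected.
    if (3, 1, 0) <= v < FIXED:
        return "affected", "upgrade to 3.3.4 or later in a maintenance window"
    if v >= FIXED:
        return "fixed", "at or above 3.3.4"
    return "not listed", "version not covered by the advisory; verify manually"

INVENTORY = [  # constructed sample data, not real hosts
    Asset("scada-a", "2.83", True),
    Asset("scada-b", "2.83", False),
    Asset("scada-c", "3.3.3", True),
    Asset("scada-d", "3.3.4", True),
    Asset("scada-e", "3.x", False),
]

def report(inventory):
    """Map host -> status for the whole inventory."""
    return {a.host: triage(a)[0] for a in inventory}

if __name__ == "__main__":
    for a in INVENTORY:
        status, action = triage(a)
        print(f"{a.host:8} {a.version:6} {status:12} {action}")
```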