Emerson WirelessHART Gateway

Act Now10ICS-CERT ICSA-20-135-02May 14, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in Emerson Wireless Gateway versions 4.6.43 through 4.7.84 allows an attacker to disable the internal gateway firewall without authentication. Once the firewall is disabled, the attacker can send commands that are forwarded to wireless field devices. The vulnerability only affects gateways with VLAN feature enabled. No patch has been released; Emerson recommends disabling the VLAN feature if not required, or updating if a newer firmware version becomes available.

What this means

What could happen

An attacker could disable the internal firewall on Emerson WirelessHART gateways and then send commands to wireless field devices, potentially altering process setpoints or disrupting monitoring of critical assets like sensors and transmitters across your plant.

Who's at risk

Water authorities and utilities operating Emerson WirelessHART gateways (models 1420, 1552WU, 1410) with VLAN features enabled. This affects any facility using wireless field instruments such as pressure transmitters, temperature sensors, flow meters, or wireless I/O modules for process monitoring and control.

How it could be exploited

An attacker with network access to the gateway sends a specific command that disables the internal firewall. Once disabled, the attacker can forward malicious commands through the gateway to wireless devices on the network, such as pressure transmitters, temperature sensors, or control nodes.

Prerequisites

Network access to the WirelessHART gateway
VLAN feature must be enabled on the gateway
No authentication required to send the firewall-disabling command

remotely exploitableno authentication requiredlow complexityaffects field device communicationno patch available for affected versions

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

Wireless 1420 Gateway: revisions 4.6.43 to 4.7.84≥ 4.6.43 | ≤ 4.7.84No fix (EOL)

Wireless 1552WU Gateway: revisions 4.6.43 to 4.7.84≥ 4.6.43 | ≤ 4.7.84No fix (EOL)

Wireless 1410 Gateway: revisions 4.6.43 to 4.7.84≥ 4.6.43 | ≤ 4.7.84No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDDisable the VLAN feature on Wireless gateways if it is not actively used in your deployment

HARDENINGRestrict network access to WirelessHART gateways using firewall rules; only permit trusted engineering workstations and control systems to communicate with gateway management ports

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate firmware on VLAN-enabled Version 4 Wireless gateways to a version newer than 4.7.84

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Wireless 1420 Gateway: revisions 4.6.43 to 4.7.84, Wireless 1552WU Gateway: revisions 4.6.43 to 4.7.84, Wireless 1410 Gateway: revisions 4.6.43 to 4.7.84. Apply the following compensating controls:

HARDENINGIsolate WirelessHART gateway networks from the business network using a separate VLAN or air gap

CVEs (1)

CVE-2020-12030

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9c59a9dc-3e70-4032-a69b-1982a65edd70