OTPulse

Emerson WirelessHART Gateway

Plan Patch | 8 | ICS-CERT ICSA-21-278-02 | Oct 5, 2021
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Multiple vulnerabilities in Emerson WirelessHART Gateway models 1420, 1410, and 1410D allow authenticated users to escalate privileges to root level and achieve arbitrary code execution. The vulnerabilities result from insufficient input validation and path traversal flaws. Successful exploitation by an authenticated attacker can lead to full system compromise, allowing modification of gateway behavior and wireless field device communications.

What this means
What could happen
An authenticated attacker could gain root-level access to the WirelessHART Gateway and execute arbitrary code, potentially allowing them to alter sensor readings, modify process commands, or disrupt wireless field device communication in your plant.
Who's at risk
Plant automation and process control teams using Emerson WirelessHART gateways to manage wireless field instrumentation (pressure transmitters, temperature sensors, flow meters, and valve positioners). This affects any plant running water quality monitoring, treatment processes, or pressure/flow regulation that depends on wireless device communication through these gateways.
How it could be exploited
An attacker with valid credentials for the gateway (e.g., engineering account or legitimate user account) connects to the device and exploits input validation or path traversal flaws to write malicious files to the system. This results in remote code execution with root privileges, giving the attacker full control over gateway operations and the wireless network it manages.
Prerequisites
  • Valid user credentials (engineering account or system user account)
  • Network access to the WirelessHART Gateway management interface (typically HTTP/HTTPS)
  • Authentication required before exploitation
  • Requires valid credentials (not unauthenticated)
  • Input validation and path traversal flaws
  • Root-level code execution possible
  • Affects wireless device network connectivity and sensor integrity
  • No patch available for some models
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
WirelessHART 1420 Gateway: All | < 4.7.94 | 4.7.105
WirelessHART 1410 Gateway: All | < 4.7.94 | 4.7.105
WirelessHART 1410D Gateway: All | < 4.7.94 | 4.7.105
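
The version thresholds above can be checked against an asset inventory. The following is an added example, not part of the advisory or any Emerson tooling; the inventory rows, host names and status labels are constructed for illustration. It compares versions numerically, because a plain string comparison ranks "4.7.105" below "4.7.94" and would report a patched gateway as affected.

```python
import re

# Thresholds taken from the affected-products table in this advisory.
AFFECTED_BELOW = (4, 7, 94)    # versions lower than this are listed as affected
FIXED_FROM = (4, 7, 105)       # hotfix target: this version or later
AFFECTED_MODELS = {"1420", "1410", "1410D"}


def parse_version(text):
    """Turn '4.7.105' into (4, 7, 105); return None if not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(model, firmware):
    """Classify one gateway as AFFECTED, FIXED, REVIEW or NOT_LISTED."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "NOT_LISTED"
    version = parse_version(firmware)
    if version is None:
        return "REVIEW"        # unreadable version string: check by hand
    # Pad to three components so '4.7' compares as 4.7.0.
    version = version + (0,) * (3 - len(version))
    if version < AFFECTED_BELOW:
        return "AFFECTED"
    if version >= FIXED_FROM:
        return "FIXED"
    # Between 4.7.94 and 4.7.105 the page states neither status.
    return "REVIEW"


# Constructed sample inventory: (hypothetical host name, model, firmware).
INVENTORY = [
    ("gw-north", "1420", "4.7.68"),
    ("gw-south", "1410", "4.7.105"),
    ("gw-lab", "1410D", "4.7.100"),
    ("gw-spare", "1410", "unknown"),
]


def triage_inventory(rows):
    """Map each host name to its triage status."""
    return {name: triage(model, fw) for name, model, fw in rows}


if __name__ == "__main__":
    for name, status in triage_inventory(INVENTORY).items():
        print(f"{name}: {status}")
```

Gateways reported as REVIEW fall in the gap the table leaves open or have an unparseable version and need a manual check against the vendor advisory.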
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WirelessHART Gateway management interfaces using firewall rules; only allow connections from authorized engineering workstations on your control system network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Emerson WirelessHART Gateway firmware to version 4.7.105 or later
HARDENING: Review and restrict user accounts with access to the gateway; use strong passwords and disable unused accounts
Long-term hardening
HARDENING: Implement network segmentation to isolate the WirelessHART Gateway and wireless field devices on a separate network segment from the business LAN and Internet
HARDENING: If remote access to the gateway is required, route all connections through a VPN or jump host with multi-factor authentication