Four vulnerabilities exist in Emerson DeltaV Distributed Control System affecting authentication, cryptographic validation, and firmware integrity (CVE-2022-29962, CVE-2022-29963, CVE-2022-29964, CVE-2022-29965). These vulnerabilities allow an attacker on the control network to deny service, manipulate runtime communications between controllers and IO cards, or execute commands on the controller. The vulnerabilities exist across all DeltaV product lines: CIOC/EIOC/WIOC IO cards, M-series, P-series, S-series, and SIS (safety-instrumented system) controllers. Affected products include all firmware versions that are no longer receiving active support from Emerson. The advisory notes no known public exploits are available, but these are not high attack complexity vulnerabilities once an attacker has network access to the control segment.
What this means
What could happen
An attacker with network access to DeltaV controllers could deny service to the control system, intercept and modify runtime communications between controllers and IO devices, or gain unauthorized command execution on the controller itself, potentially disrupting critical process operations.
Who's at risk
Water authorities and municipal utilities operating Emerson DeltaV distributed control systems, including any facility using DeltaV M-series, P-series, S-series, or SIS controllers paired with CIOC, EIOC, or WIOC IO cards for process control, PLC functions, or safety-critical operations.
How it could be exploited
An attacker must have network access to the DeltaV controller (CIOC/EIOC/WIOC IO cards or controller modules). The attacker can exploit authentication or cryptographic weaknesses in the controller firmware to either intercept/modify communications on the internal control network or execute arbitrary commands on the controller, depending on which of the four CVEs is exploited. All vulnerabilities require that the attacker be on the same network segment as the controller.
Prerequisites
Network access to DeltaV controller on the control network segment (adjacent network, not across Internet-routable hops)
No authentication required to exploit the underlying protocol weaknesses
For some vulnerabilities: specific firmware image verification bypass conditions
remotely exploitableno authentication requiredaffects safety systems (DeltaV SIS)no patch available for older versionsmultiple cryptographic weaknesses (weak or missing firmware verification, hardcoded credentials)default or hardcoded credentials may be present
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
1 with fix4 EOL
ProductAffected VersionsFix Status
DeltaV CIOC/EIOC/WIOC IO cards: All versionsAll versionsNo fix (EOL)
DeltaV P-series: All versionsAll versionsNo fix (EOL)
DeltaV S-series: All versionsAll versionsNo fix (EOL)
DeltaV SIS: All versionsAll versionsVersion 14.3 and all currently supported versions
DeltaV M-series: All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDBlock or restrict network access to DeltaV controllers to only authorized engineering workstations and peer controllers; deny access from untrusted network segments
Schedule — requires maintenance window
0/1
Patching may require device reboot — plan for process interruption
HOTFIXUpgrade DeltaV to the latest supported version (at minimum Version 14.3 for firmware verification fixes; check Emerson Guardian Support Portal for version matrix of which vulnerabilities are fixed in which releases)
Mitigations - no patch available
0/3
The following products have reached End of Life with no planned fix: DeltaV CIOC/EIOC/WIOC IO cards: All versions, DeltaV P-series: All versions, DeltaV S-series: All versions, DeltaV M-series: All versions. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate DeltaV control system from business network using firewalls
HARDENINGIf remote access to DeltaV is required, require use of VPN with up-to-date security patches and strong authentication; do not expose DeltaV directly to the Internet
HARDENINGImplement network-level monitoring and alerting for unexpected connections or communications on DeltaV controller ports (e.g., port 502 for Modbus, proprietary Emerson management ports)