Walchem Intuition 9
Plan Patch | 7.5 | ICS-CERT ICSA-23-229-04 | Jul 21, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Walchem Intuition 9 firmware versions below 4.21 contain authentication bypass vulnerabilities (CWE-306, CWE-287) that allow unauthenticated remote attackers to download and export sensitive data or obtain direct login access to the device without credentials.
What this means
What could happen
An attacker could gain unauthorized access to your Intuition 9 device and export sensitive operational data, or log in directly without credentials, potentially allowing them to modify chemical dosing parameters or disable monitoring.
Who's at risk
Water treatment plants, municipal utilities, and industrial facilities that use Walchem Intuition 9 chemical dosing controllers. These devices control pH adjustment, disinfection, and other critical chemical processes.
How it could be exploited
An attacker on the local network or the Internet who can reach the Intuition 9 device sends specially crafted requests that bypass authentication checks. This grants direct access to the device interface or allows extraction of sensitive configuration and operational data without needing valid credentials.
Prerequisites
- Network access to the Intuition 9 device (may be remote if device is Internet-accessible)
- No credentials required
Tags: remotely exploitable, no authentication required, low complexity, no patch available (end-of-life for some versions)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Intuition 9: < 4.21 | < 4.21 | 4.21 or later
Remediation & Mitigation
Do now
HARDENING: Do not expose Intuition 9 devices directly to the Internet; isolate them behind a firewall on your control system network
WORKAROUND: Restrict network access to Intuition 9 devices to only authorized personnel and systems; use firewall rules to block unnecessary inbound connections
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade Intuition 9 firmware to version 4.21 or later from the Walchem website
Long-term hardening
HARDENING: If remote access to Intuition 9 is required, use a VPN with up-to-date security patches and strong access controls
CVEs (2)
API: /api/v1/advisories/0ad1502f-1008-413d-8a8e-50ddf2412db7