Emerson Rosemount GC370XA, GC700XA, GC1500XA

Act Now9.8ICS-CERT ICSA-24-030-01Jan 30, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

These Emerson Rosemount gas chromatographs contain multiple command injection and authentication bypass vulnerabilities. An unauthenticated attacker with network access can run arbitrary commands with administrative privileges, access sensitive instrument data, cause the device to stop responding, or bypass authentication controls. Affected products are the GC370XA, GC700XA, and GC1500XA running firmware version 4.1.5 or earlier. The vulnerabilities are classified as high-complexity attacks, and no public exploitation has been reported. However, Emerson has not announced fixed firmware versions and recommends contacting support for patching options.

What this means

What could happen

An unauthenticated attacker with network access could remotely run arbitrary commands on these gas chromatographs, potentially altering analysis results, shutting down the instrument, or stealing calibration and sample data critical to environmental or process monitoring.

Who's at risk

Laboratories and manufacturing facilities using Emerson Rosemount gas chromatographs (GC370XA, GC700XA, GC1500XA) for process analysis, quality control, or environmental monitoring. This includes refineries, chemical plants, pharmaceutical manufacturers, and environmental testing facilities.

How it could be exploited

An attacker on the same network as the instrument sends a crafted network request to the device. The device accepts the request without requiring authentication and executes embedded commands with administrative privileges. No user interaction or special conditions are needed.

Prerequisites

Network access to the device's listening port
Device must be powered on and running firmware version 4.1.5 or earlier

remotely exploitableno authentication requiredno patch availableaffects measurement and safety-critical analysis

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

GC370XA: <=4.1.5≤ 4.1.5No fix (EOL)

GC700XA: <=4.1.5≤ 4.1.5No fix (EOL)

GC1500XA: <=4.1.5≤ 4.1.5No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HOTFIXContact Emerson Tech Support (GC.CSC@emerson.com) to determine firmware update availability and procedure for your specific model and network configuration

HARDENINGIsolate the gas chromatograph network from the business network using a firewall, firewall rules, or network segmentation. Only permit necessary connections for legitimate operations

HARDENINGEnsure the device is not accessible from the Internet. Remove any port forwarding or VPN rules that expose the instrument directly to outside networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

WORKAROUNDIf remote access is necessary, implement a dedicated VPN connection from an authorized engineering workstation to the instrument network, separate from standard business VPN

CVEs (4)

CVE-2023-46687 CVE-2023-49716 CVE-2023-51761 CVE-2023-43609

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ae9478d9-cf5e-4601-81cb-073704e823d0