Emerson ValveLink Products

Plan Patch9.4ICS-CERT ICSA-25-189-01Jul 8, 2025

Summary

ValveLink SOLO, DTM, PRM, and SNAP-ON versions prior to 14.0 contain vulnerabilities (CWE-316, CWE-693, CWE-427, CWE-20) related to cleartext storage of sensitive information, insufficient cryptography, untrusted code sources, and improper input validation. Successful exploitation allows reading sensitive data, tampering with valve parameters and setpoints, and executing unauthorized code. The vulnerabilities require attacker access to an affected system but could enable complete compromise of valve control logic and process parameters.

What this means

What could happen

An attacker with access to ValveLink software could read sensitive information stored in cleartext, modify valve parameters or setpoints, and execute unauthorized commands that could disrupt process control or cause equipment damage.

Who's at risk

Emerson ValveLink software users in manufacturing and process industries who deploy SOLO, DTM, PRM, or SNAP-ON versions should be concerned. This affects any organization using these tools to configure or monitor fieldbus and intelligent valve devices. Impact is highest for critical process control applications where unauthorized parameter changes could cause downtime, product loss, or safety incidents.

How it could be exploited

An attacker must first gain access to a system running ValveLink (versions below 14.0). Once on the system, they can exploit cleartext storage vulnerabilities to read credentials or configuration data, modify valve parameters without authorization, or inject malicious code to execute arbitrary commands on the affected device or network.

Prerequisites

Access to a system running ValveLink SOLO, DTM, PRM, or SNAP-ON version 14.0 or earlier
The application must be running with vulnerable code in memory or stored configuration accessible
No authentication bypass is mentioned, so attacker may need legitimate system access or ability to reach the application over the network

Likely remotely exploitable (attacker needs system access)Cleartext storage of sensitive informationArbitrary code execution possibleAll current versions below 14.0 are vulnerableNo patch available for affected versions until upgrade

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

ValveLink SOLO: <ValveLink_14.0<ValveLink 14.014.0 or later

ValveLink DTM: <ValveLink_14.0<ValveLink 14.014.0 or later

ValveLink PRM: <ValveLink_14.0<ValveLink 14.014.0 or later

ValveLink SNAP-ON: <ValveLink_14.0<ValveLink 14.014.0 or later

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to ValveLink systems to only authorized engineering workstations and control networks; implement network segmentation

WORKAROUNDIf remote access to ValveLink is required, use a VPN with current security patches and strong authentication

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate ValveLink SOLO, DTM, PRM, and SNAP-ON to version 14.0 or later from the Emerson website

Long-term hardening

0/1

HARDENINGIsolate ValveLink systems from the Internet and business networks; place them behind firewalls on a dedicated control system network

CVEs (5)

CVE-2025-52579 CVE-2025-50109 CVE-2025-46358 CVE-2025-48496 CVE-2025-53471

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f17703af-2090-4fae-8531-8c3d1d9b2e29