Researchers Uncover Flaws in Widely Used Emerson Rosemount Industrial Gas Chromatographs
28 June 2024 at 17:09
Flaws in Emerson Rosemount Gas Chromatographs
Operational technology security firm Claroty discovered the vulnerabilities, which include two command injection flaws and two authentication bypass issues. If exploited, these flaws could enable unauthenticated attackers to run arbitrary commands, access sensitive data and gain administrative control.
- CVE-2023-46687: Allows remote execution of root-level commands without authentication (CVSS score: 9.8)
- CVE-2023-49716: Enables authenticated users to run arbitrary commands remotely (CVSS score: 6.9)
- CVE-2023-51761: Permits unauthenticated users to bypass authentication and gain admin access by resetting passwords (CVSS score: 8.3)
- CVE-2023-43609: Allows unauthenticated users to access sensitive information or cause denial-of-service (CVSS score: 6.9)
Industry Impact and Mitigation
Gas chromatographs play a crucial role in various sectors, from environmental monitoring to medical diagnostics. Compromised devices could have far-reaching consequences. In food processing, attacks on chromatographs might prevent accurate bacteria detection, halting production. In healthcare settings, disrupted blood sample analysis could impact patient care.

Emerson has released updated firmware addressing these vulnerabilities. The Claroty researchers said they "appreciate Emerson for its swift response and cooperation, which demonstrates their dedication to our shared goal."

Emerson advises customers to apply the patches and follow current cybersecurity industry best practices. The firm stated, "In addition, Emerson recommends end users continue to utilize current cybersecurity industry best practices and in the event such infrastructure is not implemented within an end user's network, action should be taken to ensure the Affected Product is connected to a well-protected network and not connected to the Internet."

In its advisory, CISA shared the following recommendations for securing these systems:
- Minimize network exposure: Ensure that control system devices and/or systems are not publicly accessible from the internet.
- Locate control system networks: Place remote devices behind firewalls and isolate them from business networks.
- Secure Remote Access: Use Virtual Private Networks (VPNs) to secure remote access. However, the agency also warned of potential inherent risks in VPNs, asking organizations and businesses to be aware of them.