Pages

Tuesday, June 3, 2014

Positive Technologies Experts Helped to Fix a Vulnerability in the Emerson DeltaV DCS


During a security analysis, Positive Technologies specialists detected a critical security error in the Emerson DeltaV distributed control system. While having access to the system, an intruder is able to read and replace its configuration files, and to run commands with any user's rights. The vulnerability affects DeltaV versions 10.3.1, 11.3 and 12.3. Emerson’s DeltaV is a general purpose process control system that is used worldwide primarily in the oil and gas and chemical industries.

More information about the security error can be found in the CERT bulletin ICSA-14-133-02. The Positive Technologies experts Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov discovered the vulnerability.

Emerson issued a patch that mitigates errors and a notice, where information about the vulnerability and recommendations on removal of possible exploitation consequences can be found.

In addition, ICS-CERT specialists recommend Emerson DeltaV users to limit access to their networks from outside, protect the networks with firewalls and use secure protocols (for example, VPN) when set up a remote access.

Emerson is a global manufacturing and technology company offering multiple products and services in the industrial, commercial, and consumer markets through its network power, process management, industrial automation, climate technologies, and tools and storage businesses.

This is not the first time when Positive Technologies specialists have detected critical vulnerabilities in production systems. Previously, Siemens released several patches to fix a number of serious vulnerabilities in certain systems, including ICS (development tools and HMI). Moreover, Positive Technologies experts helped to fix high-risk vulnerabilities in Wonderware Information Server by Invensys, which is a part of a unified solution for building SCADA and HMI systems.

5 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
  4. nice post.. I am mainly impressed all through your loom of exterior in this blog. It shows your inspiration. Momentous attempt you have completed in this blog. Thanks for sharing. Billboard advertising on the high road and in malls gets your potential clients while they are in shopping mode. A decent blurb crusade can incite customers to purchase your items there and after that, particularly on the off chance that you are running advancement as a motivator.

    ReplyDelete