Emerson DeltaV DCS Workstations Multiple Security Vulnerabilities Alert

Emerson recently fixed several security vulnerabilities in DeltaV DCS Workstations, including directory traversal, privilege escalation and stack overflow, with CVSS 3.0 scores of up to 9.6. Emerson has officially released the corresponding patches.

Vulnerability Overview

  • CVE-2018-14797

CVSS v3: 8.2
Through this vulnerability, an attacker can place a specially crafted DLL file in the search path. The DLL is then loaded and run as if it were a legitimate internal DLL, resulting in code execution.

  • CVE-2018-14795

CVSS v3: 8.8
The vulnerability stems from an improper path check, which could be replaced by an attacker.

  • CVE-2018-14791

CVSS v3: 8.2
The vulnerability allows non-administrator users to change executable and library files in affected products.

  • CVE-2018-14793

CVSS v3: 9.6
Through this vulnerability, an attacker can use an open communication port to execute arbitrary code.
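
A defensive check related to CVE-2018-14791 and CVE-2018-14797 above, as an added example that is not Emerson's code or part of the original alert: the PowerShell below lists directories, executables and DLLs under a folder that an account other than SYSTEM, Administrators or TrustedInstaller is allowed to modify. The -Root parameter is a placeholder for the workstation's install folder, which the alert does not give, and the list of trusted accounts is an assumption to adjust per site.

```powershell
# Added example (not vendor code). -Root is a placeholder: the alert does not
# state the install path, so pass the folder you want to audit.
param(
    [Parameter(Mandatory = $true)]
    [string]$Root
)

# Rights that let a principal alter, replace or plant a file. On a directory,
# WriteData means "create files" and AppendData means "create subdirectories".
# The two hex values are the raw GENERIC_WRITE and GENERIC_ALL bits, which an
# ACE may carry unmapped.
$names = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$names -bor 0x40000000 -bor 0x10000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Principals expected to hold write access (assumption; adjust per site).
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Audit the root, every subdirectory, and every .exe/.dll below it.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
           Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll' })

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip rather than guess
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this object.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        $account = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                   catch { '(unresolved)' }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Account   = $account
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
```

Any row returned is a location where a non-administrator could change a binary or drop a new DLL; an empty result means no such grant was found in the ACLs that could be read.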

Affected versions

  • DeltaV versions v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5

Solution

Emerson has officially released upgrade patches for each version; users can log in to the Emerson process website to update.
