Emerson DeltaV DCS Workstations Multiple Security Vulnerabilities Alert
Emerson recently fixed several security vulnerabilities in DeltaV DCS Workstations, including directory traversal, privilege escalation and stack overflow, with CVSS 3.0 scores of up to 9.6. Emerson has officially released the corresponding patches.
Vulnerability Overview
- CVE-2018-14797
CVSS v3: 8.2
Through this vulnerability, an attacker can place a specially crafted DLL file in the search path. The DLL is then loaded and run as if it were a legitimate internal DLL, resulting in code execution.
- CVE-2018-14795
CVSS v3: 8.8
The vulnerability stems from improper path validation, which could allow an attacker to replace files.
- CVE-2018-14791
CVSS v3: 8.2
The vulnerability allows non-administrator users to change executable and library files in affected products.
- CVE-2018-14793
CVSS v3: 9.6
Through this vulnerability, an attacker can use an open communication port to execute arbitrary code.
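A defensive check related to CVE-2018-14797 and CVE-2018-14791: the PowerShell audit below lists directories in the machine search path and under the installation directory where non-administrator principals hold write-type rights. It is an added example, not Emerson code or part of the original alert; the installation path is a placeholder, and the trusted-principal list (English account names) is an assumption to adjust per site.

```powershell
# Added example (not Emerson code): find directories where non-administrative
# principals can create, modify or delete files.
$InstallRoot = 'C:\PLACEHOLDER\DeltaV'   # placeholder: set to the real install directory

# Assumed trusted principals (English account names; adjust for the site).
$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')

# Rights that allow planting or replacing files, plus the GENERIC_WRITE
# (0x40000000) and GENERIC_ALL (0x10000000) bits Get-Acl can return unmapped.
$Specific = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $Specific -bor 0x40000000 -bor 0x10000000

# Directories to audit: install root, its subdirectories, and the machine PATH.
$Dirs = @($InstallRoot)
if (Test-Path -LiteralPath $InstallRoot -PathType Container) {
    $Dirs += (Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse).FullName
}
$Dirs += [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';'
$Dirs = $Dirs | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Sort-Object -Unique

$Findings = foreach ($dir in $Dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Skipping missing directory: $dir"
        continue
    }
    foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
        $who = $ace.IdentityReference.Value
        # Ignore Deny entries and principals on the trusted list.
        if ($ace.AccessControlType -ne 'Allow' -or $Trusted -contains $who) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Directory = $dir
                Principal = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
$Findings | Sort-Object Directory, Principal | Format-Table -AutoSize -Wrap
```

Each row is a directory that a non-trusted principal can write to; review those entries after applying the vendor patches.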
Affected versions
- DeltaV versions v11.3.1, v12.3.1, v13.3.0, v13.3.1, R5
Solution
Emerson has officially released upgrade patches for each version; users can log in to the Emerson process website to obtain the updates.