During a recent security audit, Positive Technologies found a critical security weakness in Emerson DeltaV distributed control system. Our experts found that while accessing the system, an intruder is able to read and replace its configuration files and run commands with any user's rights. This vulnerability affects DeltaV versions 10.3.1, 11.3 and 12.3. Emerson’s DeltaV is a general purpose process control system that is used worldwide in the oil and gas and chemical industries.
As a result, Emerson issued a patch that mitigates associated weaknesses and posted a bulletin with more information about the vulnerability and recommendations for minimizing its potential risks. More information about this security flaw can be found in the ICS-CERT advisory ICSA-14-133-02.
In addition, ICS-CERT recommends Emerson DeltaV users limit access to their networks from outside, protect their networks with firewalls and use secure protocols (e.g. VPN) for remote access.
Emerson is a global manufacturing and technology company offering multiple products and services in the industrial, commercial, and consumer markets through its network power, process management, industrial automation, climate technologies, and tools and storage businesses.
Positive Technologies has a long history of discovering vulnerabilities in industrial control systems (ICS) and is recognized as a global pioneer in ICS security. In addition to Emerson, our experts have helped find a fix hundreds of ICS weaknesses in systems from vendors including Honeywell, Schneider Electric, Siemens and Yokogawa.