ICS-CERT Advisory Details Vulnerability Report Affecting Emerson's DeltaV DCS Workstations Products

Posting ID 118237
Date Added: 1/11/2019
Date Modified: 1/11/2019
Jeff Jones | E-ISAC Staff

Description

Summary:

ICS-CERT has released Advisory ICSA-19-010-01 detailing Emerson automation solutions' DeltaV Distributed Control System (DCS) Workstations products.

These products are common in DCS across North America and Emerson recommends that customers patch the following affected products:

DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, and R6

Software patches are available to customers with access to the Emerson Guardian Support Portal and Emerson support resources. 

 

Analysis:

Members are encouraged to assess their environments to determine what defensive measures are appropriate, and ICS-CERT's Advisory details some recommended mitigation strategies for your consideration.

The Advisory states that no known public exploits specifically target this vulnerability, and that this vulnerability is exploitable from an adjacent network. Your E-ISAC has previously made members aware that adversary activity has indicated the desire to learn about and gain access to ICS environments by first compromising corporate/IT networks. Ensuring that your organization has considered this type of attack vector in risk assessment activities can help protect against threats of this nature. 

 

ICS-CERT Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01  

Bulletin Type:
Cyber Bulletin
Category Type:
Cyber Security
Impact:
Medium
Urgency:
Routine
Purpose:
Situation Awareness
TLP - White
Shared Count (3)
  • E-ISAC AOO Members
  • E-ISAC Staff
  • Watch Floor
Change History
  • Admin, 03/07/2019
  • Jeff Jones, 01/11/2019
  • Jeff Jones, 01/11/2019
  • Jeff Jones, 01/11/2019
  • Jeff Jones, 01/11/2019
  • Jeff Jones, 01/11/2019
  • Jeff Jones, 01/11/2019