Emerson DeltaV Denial of Service Vulnerability
Release Date: 2013-03-07
Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch
A vulnerability has been reported in DeltaV, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing certain packets and can be exploited to restart the controller.
The vulnerability is reported the following versions:
* DeltaV SE3006 SD Plus Controller versions 11.3.1 and prior.
* DeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior.
* DeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior.
* DeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior.
* DeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior.
Apply hotfix (please see vendor's advisory for details).
Provided and/or discovered by:
ICS-CERT credits Joel Langill.