Emerson DeltaV Denial of Service Vulnerability

by Carol~ Moderator - 3/7/13 8:30 AM

In Reply to: VULNERABILITIES / FIXES - March 07, 2013 by Carol~ Moderator

Release Date: 2013-03-07

Criticality level: Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch

Software:
DeltaV 10.x
DeltaV 11.x

Description:
A vulnerability has been reported in DeltaV, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing certain packets and can be exploited to restart the controller.

The vulnerability is reported in the following versions:
* DeltaV SE3006 SD Plus Controller versions 11.3.1 and prior.
* DeltaV VE3005 Controller MD Hardware versions 10.3.1 and prior.
* DeltaV VE3005 Controller MD Hardware versions 11.3.1 and prior.
* DeltaV VE3006 Controller MD PLUS Hardware versions 10.3.1 and prior.
* DeltaV VE3006 Controller MD PLUS Hardware versions 11.3.1 and prior.

Solution:
Apply hotfix (please see vendor's advisory for details).

Provided and/or discovered by:
ICS-CERT credits Joel Langill.

Original Advisory:
ICS-CERT:
http://ics-cert.us-cert.gov/pdf/ICSA-13-053-01.pdf

http://secunia.com/advisories/52486/