Multiple vulnerabilities in Emerson DeltaV DCS Workstations
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Insecure DLL loading
EUVDB-ID: #VU14444
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14797
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to insecure .dll loading mechanism when opening files. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current victim.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDeltaV: 11.3.1 - 13.3.1
CPE2.3- cpe:2.3:h:emerson:deltav:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:12.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:13.3.0:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Relative path traversal
EUVDB-ID: #VU14445
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14795
CWE-ID:
CWE-23 - Relative Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper path validation. A remote attacker can conduct relative path traversal attack and replace executable files.
MitigationInstall update from vendor's website.
Vulnerable software versionsDeltaV: 11.3.1 - 13.3.1
CPE2.3- cpe:2.3:h:emerson:deltav:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:12.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:13.3.0:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper privilege management
EUVDB-ID: #VU14446
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-14791
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper privilege management. A local attacker can change executable and library files and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDeltaV: 11.3.1 - 13.3.1
CPE2.3- cpe:2.3:h:emerson:deltav:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:12.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:13.3.0:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU14447
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14793
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow. An adjacent attacker can use open communication port to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDeltaV: 11.3.1 - 13.3.1
CPE2.3- cpe:2.3:h:emerson:deltav:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:12.3.1:*:*:*:*:*:*:*
- cpe:2.3:h:emerson:deltav:13.3.0:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
