Improper access control in Emerson WirelessHART 1410, 1420 and 1552WU Gateways



Risk: High
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2020-12030
CWE-ID: CWE-284
Exploitation vector: Network
Public exploit: N/A

Vulnerable software:

Wireless 1410 Gateway (Hardware solutions / Other hardware appliances)
Wireless 1420 Gateway (Hardware solutions / Other hardware appliances)
Wireless 1552WU Gateway (Hardware solutions / Other hardware appliances)

Vendor: Emerson

Security Bulletin

This security bulletin contains one high-risk vulnerability.

1) Improper access control

EUVDB-ID: #VU27948

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-12030

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall is disabled, which exposes all ports used by the gateway. A remote attacker can issue specific commands to the gateway, which could then be forwarded on to the end user's wireless devices.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Wireless 1410 Gateway: 4.6.43 - 4.7.84

Wireless 1420 Gateway: 4.6.43 - 4.7.84

Wireless 1552WU Gateway: 4.6.43 - 4.7.84
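
The following is an added example, not part of the original bulletin or vendor material: a triage script that sorts a gateway inventory by the two conditions described above (firmware in the listed range, VLAN feature enabled). The CSV column names, hostnames and sample rows are constructed for illustration.

```python
# Added example: triage a gateway inventory against this bulletin.
# Column names and sample rows are assumptions, constructed for illustration.
import csv
import io

AFFECTED_MODELS = {"1410", "1420", "1552WU"}
FIRST_AFFECTED = (4, 6, 43)   # range as listed in the bulletin
LAST_AFFECTED = (4, 7, 84)

SAMPLE_INVENTORY = """\
hostname,model,firmware,vlan_enabled
gw-tankfarm-01,1420,4.7.84,yes
gw-boiler-02,1410,4.6.59,no
gw-lab-03,1552WU,4.7.94,yes
gw-pump-04,1420,4.7.x,yes
gw-other-05,1500,4.7.0,yes
"""

def parse_version(text):
    """Return a (major, minor, patch) tuple, or None if not parseable."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(row):
    """Classify one row as exposed / latent / review / not_listed."""
    if row["model"].strip().upper() not in AFFECTED_MODELS:
        return "not_listed"
    version = parse_version(row["firmware"])
    if version is None:
        return "review"       # unknown firmware: check by hand, never assume safe
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "not_listed"   # outside the range this bulletin lists
    vlan_on = row["vlan_enabled"].strip().lower() in {"yes", "true", "1"}
    # With VLAN enabled the internal firewall is off and all ports are exposed;
    # with VLAN off the flaw stays dormant until someone enables the setting.
    return "exposed" if vlan_on else "latent"

def triage(csv_text):
    """Map hostname -> classification for every row in the CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: classify(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status}")
```

Gateways classified as "latent" still need the update, since enabling VLAN later on unpatched firmware would disable the firewall.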

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-135-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


