Emerson DeltaV Smart Switch DoS (ICSA-19-010-01)

medium Nessus Network Monitor Plugin ID 720300

Synopsis

Emerson DeltaV Smart Switch devices are affected by a denial-of-service (DoS) vulnerability.

Description

The Emerson DeltaV Smart Switch Command Center application is affected by a denial-of-service (DoS) vulnerability. A specially crafted script could bypass authentication on a maintenance port of Emerson DeltaV DCS versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to cause a denial of service.

Solution

Apply the vendor-recommended mitigations and install the available vendor upgrades.

See Also

https://www.us-cert.gov/ics/advisories/ICSA-19-010-01

Plugin Details

Severity: Medium

ID: 720300

Family: SCADA

Published: 9/19/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 1/10/2019

Vulnerability Publication Date: 1/10/2019

Reference Information

CVE: CVE-2018-19021

BID: 106522