Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Summary:
Multiple security vulnerabilities have been identified in Emerson Rosemount gas chromatographs, potentially allowing attackers to access sensitive information, cause denial-of-service (DoS) conditions, and execute arbitrary commands. Affected models include the GC370XA, GC700XA, and GC1500XA running versions 4.1.5 and earlier. Claroty, an operational technology (OT) security firm, highlighted two command injection flaws and two authentication and authorization vulnerabilities. These flaws could enable unauthenticated attackers to bypass authentication, run arbitrary commands, access sensitive data, and induce DoS conditions.

Claroty's analysis revealed the following vulnerabilities:

  • CVE-2023-46687 (CVSS score: 9.8): Unauthenticated users can execute arbitrary commands remotely.
  • CVE-2023-49716 (CVSS score: 6.9): Authenticated users can run arbitrary commands remotely.
  • CVE-2023-51761 (CVSS score: 8.3): Unauthenticated users can bypass authentication and gain admin access by resetting the password.
  • CVE-2023-43609 (CVSS score: 6.9): Unauthenticated users can access sensitive information or cause DoS conditions.

Security Officer Comments:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasized that exploiting these vulnerabilities could grant attackers admin capabilities, allowing them to perform a range of malicious actions. The gas chromatographs, managed by the MON software, are critical for gas measurements and data storage.

Suggested Corrections:
Emerson has released an updated firmware version addressing these vulnerabilities and recommends users follow cybersecurity best practices and avoid exposing affected products to the internet.

Link(s):
https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html