
Gas Chromatographs Discovered to Have Multiple Vulnerabilities


Security researchers have identified multiple critical vulnerabilities in Emerson gas chromatographs, putting these devices at risk of cyberattacks. The flaws could allow malicious actors to access sensitive data, cause denial-of-service conditions, and execute arbitrary commands.

Gas chromatographs analyze and separate chemical compounds, and they play a crucial role in industries such as the chemical, environmental, and healthcare sectors. The Emerson Rosemount 370XA model, a popular choice among users, uses a proprietary protocol for communication between the device and the technician’s computer.

Security researchers from Claroty’s Team82 uncovered four key vulnerabilities in these gas chromatographs: two command injection flaws, an authentication bypass, and an authorization vulnerability. One of the command injection flaws received a critical severity score of 9.8 on the CVSS v3 scale, underlining the seriousness of the issue.

One of the vulnerabilities, identified as CVE-2023-46687, is an unauthenticated remote code execution (command injection) flaw associated with the “forced calibration” command type. A user-provided file name is handled without proper sanitization, so an attacker can inject arbitrary shell commands by manipulating that file name, leading to potential remote code execution.
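The general defense against this class of flaw, as an added example that is not code from Emerson, Claroty or the original article: allowlist-validate a network-supplied file name and hand it to a helper as a single argv element instead of building a shell command string. The function names, the 64-character limit and the `helper_path` parameter are assumptions for illustration; the device's real implementation is not shown on this page.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_NAME_LEN 64 /* assumed limit, not taken from the device */

/* Allowlist check for a file name received over the network.
 * Returns 1 if the name is acceptable, 0 otherwise. */
int is_safe_filename(const char *name)
{
    size_t len, i;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME_LEN)
        return 0;
    /* A leading '-' could be parsed as an option by the helper;
     * a leading '.' covers ".", ".." and hidden files. */
    if (name[0] == '-' || name[0] == '.')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* Only [A-Za-z0-9._-] (isalnum is ASCII-only in the default C
         * locale): no '/', whitespace, quotes or shell metacharacters. */
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Runs a (hypothetical) helper with the file name as one argv element.
 * No shell is involved, so the name is never parsed as command text.
 * Returns the helper's exit status, or -1 if rejected or on error. */
int run_with_filename(const char *helper_path, const char *name)
{
    pid_t pid;
    int status;
    if (!is_safe_filename(name))
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execl(helper_path, helper_path, name, (char *)NULL);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Validation and shell-free execution are independent layers: either one alone blocks shell metacharacters in the name from being interpreted, and together they also cover option injection and path traversal.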

Another vulnerability, tracked as CVE-2023-51761, is an authentication bypass flaw that enables an attacker to reset the administrator password by calculating a secret passphrase derived from the device’s MAC address. Understanding the passphrase validation procedure allows an attacker to generate the passphrase and gain administrator access using specific credentials.

Furthermore, CVE-2023-49716 is a user login bypass via a password reset mechanism, allowing an unauthenticated user with network access to obtain admin privileges. The last vulnerability, CVE-2023-43609, involves command injection via reboot functionality, allowing an authenticated user with network access to execute arbitrary commands remotely.

Due to the significant cost and complexity of acquiring a physical device, the researchers simulated the Emerson Rosemount 370XA to analyze its vulnerabilities. By exploiting flaws in the device’s protocol implementation, they were able to craft payloads and uncover these critical security issues.

In response to these findings, Emerson has issued a security advisory recommending that end users update the firmware on the affected products. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory on these vulnerabilities to raise awareness and prompt the actions needed to mitigate the associated risks.

Overall, the discovery of these critical vulnerabilities in Emerson gas chromatographs underscores the importance of robust cybersecurity measures in safeguarding industrial control systems and infrastructure from potential cyber threats. It serves as a reminder for organizations to prioritize security practices and stay vigilant against evolving cybersecurity risks in an increasingly connected world.
