Researchers have identified several security vulnerabilities in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to access sensitive information, cause denial-of-service (DoS) conditions, and execute arbitrary commands.
These vulnerabilities affect the GC370XA, GC700XA, and GC1500XA models, specifically versions 4.1.5 and earlier.
The researchers highlighted that the vulnerabilities include two command injection flaws and two authentication and authorization weaknesses. These issues can be exploited by unauthenticated attackers to perform actions such as bypassing authentication and executing commands.
“Exploiting these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive data, induce DoS conditions, and bypass authentication to gain administrative control,” stated the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in an advisory.
The gas chromatograph, essential for critical gas measurements, can be configured and managed using MON software. This software also stores vital data and generates reports like chromatograms, alarm history, event logs, and maintenance logs.
The researchers’ examination of the firmware and the proprietary protocol used for communications between the device and the Windows client MON2020 uncovered the following vulnerabilities:
– CVE-2023-46687 (CVSS score: 9.8): Allows an unauthenticated user with network access to execute arbitrary commands in root context from a remote computer.
– CVE-2023-49716 (CVSS score: 6.9): Allows an authenticated user with network access to run arbitrary commands from a remote computer.
– CVE-2023-51761 (CVSS score: 8.3): Allows an unauthenticated user with network access to bypass authentication and acquire admin capabilities by resetting the associated password.
– CVE-2023-43609 (CVSS score: 6.9): Allows an unauthenticated user with network access to access sensitive information or cause a DoS condition.
Emerson has responded to these disclosures by releasing an updated firmware version that addresses these vulnerabilities. The company also advises users to adhere to cybersecurity best practices and avoid exposing affected products directly to the internet.
This disclosure follows similar findings regarding flaws in AiLux RTU62351B, which could be exploited to access sensitive resources, alter device configurations, and execute arbitrary commands as root. These vulnerabilities, named I11USION, highlight the ongoing risks in industrial equipment.
Additionally, security weaknesses have been discovered in Proges Plus temperature monitoring devices and their associated software, Sensor Net Connect and Thermoscan IP. These flaws could grant administrative privileges over critical medical systems, enabling attackers to manipulate system settings, install malware, and exfiltrate data. Unpatched, these vulnerabilities pose risks such as DoS conditions that could compromise temperature-sensitive medicines and vaccines.
To prevent exploitation of the identified vulnerabilities, organizations should immediately update to the latest firmware. Additionally, it is crucial to follow best cybersecurity practices, including restricting network access to the devices, regularly monitoring for unusual activity, and ensuring that the gas analyzers are not directly exposed to the internet.