Overview
- Description
- The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-345
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:controlwave_pac_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E96BACEB-97DB-4BB2-8903-96CFDAEA37AF",
"versionEndIncluding": "2022-05-02"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:controlwave_pac:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A70DA34F-5533-4704-AE11-F3065156CD23"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:controlwave_micro_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F7F1876-384B-4B3C-B384-45DB03609F48",
"versionEndIncluding": "2022-05-02"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:controlwave_micro:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7FC7C433-A42D-4FBA-9F79-F3923153ABF1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]