Free Webinar:

When Ransomware Strikes | The Impact of Ransomware in OT Environments

Skip to main content
Security Advisory

Emerson WirelessHART Gateways

Risk Information

Limited Threat

CVE ID

CVE-2021-31528

CVE-2021-31527

CVE-2021-31526

CVE-2021-28490

CVE-2006-3082

CVE-2006-6235

CVE-2007-1263

CVE-2021-31529

Vunerability Type

Code execution via Undocumented Hardware Interfaces

Web application user permissions enforced in client browser

Web application directory traversal allows overwriting firmware

Web application cross-site request forgery

Upgrade and licensing features may allow arbitrary code execution and signature bypass

Upgrade and licensing features may allow arbitrary code execution and signature bypass

Upgrade and licensing features may allow arbitrary code execution and signature bypass

Unauthenticated user may retrieve WirelessHART Network ID and Join Key

CVSS3 Score

6.8

8.1

9.1

8.8

7.5

9.8

7.5

5.9

CVSSv3 Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affecting

  • 1420 gateway: firmware v4.6.59
  • 1410 gateway: firmware v4.5.27
  • Likely other 1410, 1420, and 1552WU firmware versions are also affected
  • Mitigation

    Update to a patched firmware version, v4.7.100. This is reported to fix all issues except CVE-2006-3082, CVE-2006-6235-, and CVE-2007-1263. Emerson has committed to patching the additional issues on a future date.

    06/28/2021