Emerson created a firmware patch that disables the SSH port vulnerability in the DeltaV Wireless I/O Card, according to a report with ICS-CERT.
An attacker may be able to use this open port to access the file system of devices using the affected product.
Emerson reports the remotely exploitable vulnerability affects the following products:
• SE4801T0X Redundant Wireless I/O Card V13.3
• SE4801T1X Simplex Wireless I/O Card V13.3
The DeltaV system is not susceptible to this vulnerability except for the products and versions listed above.
Emerson is a U.S.-based company that maintains offices in several countries around the world, including the U.S., UK, Netherlands, Italy, India, Germany, France, Czech Republic, China, and Australia.
The affected products, DeltaV Wireless I/O Cards, see use in connecting workstations and servers in the DeltaV network. DeltaV Wireless I/O Cards see action across several sectors including chemical and energy. Emerson estimates these products see use on a global basis.
DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.
CVE-2016-9347 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.0.
No known public exploits specifically target this vulnerability. On top of that, crafting a working exploit for this vulnerability would be difficult.
Emerson released the solution for this vulnerability in their Guardian Support Knowledge Base Article NK-1500-0512 dated September 30, 2016 (hotfix bundle ‘DeltaV_133_WIOC_02_CSS’). The provided fix disables the SSH port that is always available in the WIOC running v13.3 original firmware.
In order to limit exposure to these and other vulnerabilities, Emerson recommends users deploy and configure DeltaV systems and related components as described in the following documents:
• DeltaV Security Manual
• Emerson’s Wireless Security Whitepaper