A vulnerability affects Emerson's DeltaV Easy Security Management application, according to an advisory published by ICS-CERT.
Since Emerson is terminating support for the DeltaV Easy Security Management application, the company recommends all users uninstall it from all DeltaV and non-DeltaV workstations.
Emerson reports the vulnerability affects the DeltaV Easy Security Management application, which is on the following systems:
• DeltaV V12.3
• DeltaV V12.3.1
• DeltaV V13.3
Successful exploitation of this vulnerability could allow a local attacker to elevate privileges within a DeltaV control system.
Emerson is a U.S.-based company that maintains offices in several countries around the world, including the U.S., UK, Netherlands, Italy, India, Germany, France, Czech Republic, China, and Australia.
The affected product, DeltaV Easy Security Management, is an application included with DeltaV systems v12.3, v12.3.1, and v13.3 that manages the portable media ports and autorun feature for all DeltaV workstations and servers.
The DeltaV Easy Security Management application lets administrators disable portable USB storage devices and autorun on workstations and servers in the DeltaV network. DeltaV is deployed across several sectors, including chemical and energy, and Emerson said the product is used globally.
Successful exploitation may allow a local attacker to elevate privileges within the DeltaV control system.
The vulnerability is tracked as CVE-2016-9345 and has a CVSS v3 base score of 6.8, which places it in the medium severity range rather than critical.
This vulnerability is not exploitable remotely and requires user interaction.
No known public exploits specifically target this vulnerability. In addition, crafting a working exploit for this vulnerability would be difficult.
The DeltaV Easy Security Management server and monitoring agents can be manually uninstalled by users with privileges to install/uninstall Windows applications on each given workstation or server.
A more detailed procedure for uninstalling the DeltaV Easy Security application is available in Emerson's Knowledge Base Article NK-1600-0336, published through Emerson's Guardian Support Knowledge Base.
Simplified steps are as follows:
1) Log into each one of the workstations/servers running DeltaV Easy Security and launch Windows Programs and Features.
2) Uninstall the ‘Easy Security Server and Agent’ application using the uninstall button.
A computer reboot is not required to complete these steps. The built-in user account created during the DeltaV Easy Security installation is also removed during the uninstall process.
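The steps above have to be repeated on every DeltaV workstation and server, so a practitioner will usually want to inventory which hosts still carry the application and confirm the removal afterwards. The following PowerShell script is an added example and is not part of the ICS-CERT advisory or of Emerson's KBA NK-1600-0336. It assumes, which the advisory does not state, that the application registers a normal Windows Uninstall entry under HKLM (it appears in Programs and Features, so this is likely but unverified), that its DisplayName matches the pattern '*Easy Security*', that PowerShell remoting is enabled, and that the operator has install/uninstall rights on each host. The host list is supplied by the operator; the MSI product code is read from the registry, never hard-coded.

```powershell
<#
Added example, not part of the ICS-CERT advisory or Emerson's KBA NK-1600-0336.
Inventories DeltaV hosts for the "Easy Security Server and Agent" entry and,
with -Uninstall, removes it silently, then re-checks the host.
Assumptions not stated on the page: the application registers a standard
Windows Uninstall entry under HKLM; the DisplayName matches '*Easy Security*';
PowerShell remoting is enabled and the operator has uninstall rights.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string[]]$ComputerName,  # hypothetical list of DeltaV hosts
    [string]$NamePattern = '*Easy Security*',       # assumed DisplayName pattern
    [switch]$Uninstall
)

# Both native and WOW6432Node views, since the installer bitness is not documented.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Runs on the target host: return every Uninstall entry whose DisplayName matches.
$findBlock = {
    param([string[]]$roots, [string]$pattern)
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath
            if ($p.DisplayName -like $pattern) {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    KeyName         = $key.PSChildName  # MSI product code for MSI installs
                }
            }
        }
    }
}

# Runs on the target host: uninstall one entry silently and return the exit code.
$removeBlock = {
    param($entry)
    if ($entry.KeyName -match '^\{[0-9A-Fa-f-]{36}\}$') {
        # MSI install: uninstall by product code. /norestart matches the advisory's
        # statement that no reboot is needed.
        $msiArgs = "/x $($entry.KeyName) /qn /norestart"
        $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        return $proc.ExitCode
    }
    if ($entry.UninstallString) {
        # Non-MSI: run whatever the vendor registered (this may prompt interactively).
        $proc = Start-Process -FilePath cmd.exe -ArgumentList "/c `"$($entry.UninstallString)`"" -Wait -PassThru
        return $proc.ExitCode
    }
    return -1   # nothing usable registered; handle manually
}

foreach ($computer in $ComputerName) {
    $entries = @(Invoke-Command -ComputerName $computer -ScriptBlock $findBlock `
                    -ArgumentList $uninstallRoots, $NamePattern)
    if ($entries.Count -eq 0) {
        Write-Output "${computer}: no Easy Security entry found"
        continue
    }
    foreach ($e in $entries) {
        Write-Output "${computer}: found '$($e.DisplayName)' $($e.DisplayVersion)"
        if ($Uninstall -and $PSCmdlet.ShouldProcess($computer, "Uninstall $($e.DisplayName)")) {
            $code = Invoke-Command -ComputerName $computer -ScriptBlock $removeBlock -ArgumentList $e
            Write-Output "${computer}: uninstall exit code $code"   # 0 means success for msiexec
        }
    }
    if ($Uninstall) {
        # Verify: the entry should be gone; anything left needs manual follow-up via
        # Programs and Features as described in the vendor procedure.
        $left = @(Invoke-Command -ComputerName $computer -ScriptBlock $findBlock `
                    -ArgumentList $uninstallRoots, $NamePattern)
        Write-Output "${computer}: entries remaining after uninstall: $($left.Count)"
    }
}
```

Run it first without -Uninstall to get an inventory of which hosts still carry the application, then with -Uninstall -WhatIf to see what would be removed, and finally with -Uninstall. The script does not check for the built-in user account that the installer creates, because the advisory does not give its name; confirm its removal by hand as part of the verification step.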
Emerson will publish a further Knowledge Base Article through its Guardian Support Knowledge Base explaining how to manage USB ports and the autorun feature using Windows Group Policy. Uninstalling the application removes the mechanism that enforced those restrictions, so administrators should confirm that USB storage and autorun controls remain in place on each host until the Group Policy replacement is deployed.