Multiple security vulnerabilities have been discovered in Emerson Rosemount gas chromatographs that could be exploited by attackers to obtain sensitive information, cause a denial of service (DoS) condition, and even execute arbitrary commands.
The vulnerabilities affect the GC370XA, GC700XA, and GC1500XA and are present in versions 4.1.5 and earlier.
According to operational technology (OT) security firm Claroty, the vulnerabilities consist of two command injection flaws and two separate authentication and authorization vulnerabilities that could be weaponized by unauthenticated attackers to perform a wide range of malicious actions, from authentication bypass to command injection.
“Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to execute arbitrary commands, access sensitive information, cause a denial of service condition, and bypass authentication to gain administrative privileges,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory published in January.
The chromatograph, which is used to make critical gas measurements, can be configured and controlled using software called MON. The software can also be used to store important data and generate reports such as chromatograms, alarm history, event logs, and maintenance logs.
Claroty's analysis of the firmware and of the proprietary protocol used for communication between the device and a Windows client called MES2020 found the following flaws:
- CVE-2023-46687 (CVSS Score: 9.8) – An unauthenticated user with network access can execute arbitrary commands in root context from a remote computer
- CVE-2023-49716 (CVSS Score: 6.9) – An authenticated user with network access can execute arbitrary commands from a remote computer
- CVE-2023-51761 (CVSS Score: 8.3) – An unauthenticated user with network access can bypass authentication and gain administrative privileges by resetting the associated password
- CVE-2023-43609 (CVSS Score: 6.9) – An unauthenticated user with network access could gain access to sensitive information or cause a denial of service condition
Following responsible disclosure, Emerson has released (PDF) an updated firmware version that fixes the vulnerabilities. The company also recommends that end users follow cybersecurity best practices and ensure that affected products are not directly exposed to the Internet.
The disclosure comes as Nozomi Networks detailed several flaws in the AiLux RTU62351B that could be abused to access restricted resources on the device, alter its configuration, and even execute arbitrary commands as root. The vulnerabilities are collectively tracked as I11USION.
Security flaws have also been identified in Proges Plus temperature monitoring devices and related software, namely Sensor Net Connect and Thermoscan IP, that could grant administrative privileges on critical medical systems, allowing attackers to manipulate system settings, install malware, and steal data.
Left unpatched, these vulnerabilities could also result in a DoS condition in medical monitoring infrastructure, leading to the spoilage of temperature-sensitive drugs and vaccines.