Emerson fixes critical issues in Rosemount Gas Chromatograph
Take action: If you are using Emerson's Rosemount Gas Chromatographs, check that they are isolated from public networks. Then consider patching them in a planned process.
Learn More
Emerson has addressed significant security vulnerabilities in their Rosemount Gas Chromatograph models GC370XA, GC700XA, and GC1500XA.
- The most critical vulnerability, tracked as CVE-2023-46687 (CVSS score 9.8), allows an unauthenticated attacker with network access to execute arbitrary commands in the root context from a remote location. This poses a significant threat as it could lead to unauthorized access and control over the affected systems.
- Furthermore, the systems are susceptible to an authentication bypass issue, tracked as CVE-2023-51761 (CVSS score 8.3), which could enable unauthenticated users to gain administrative capabilities.
- CVE-2023-49716 (CVSS score 6.9), permits an authenticated user to remotely execute arbitrary commands. This vulnerability, although less severe, still poses a considerable risk.
- CVE-2023-43609 (CVSS score 6.9) concerns improper authorization that could lead to unauthorized access to sensitive information or cause a denial-of-service condition.
These vulnerabilities are concerning given the deployment of these devices in critical infrastructure sectors like Energy and Chemical industries globally.
Emerson has advised users to update their firmware for these affected products and encourages following current cybersecurity best practices. They emphasize the importance of connecting these devices to secure networks and avoiding direct internet connections. In addition to Emerson's recommendations, the Cybersecurity and Infrastructure Security Agency (CISA) has suggested several defensive measures. These include minimizing network exposure, using firewalls to isolate control systems from business networks, and employing secure methods like updated VPNs for remote access.
