ICSA-15-008-01A
Vulnerability from csaf_cisa - Published: 2015-10-11 06:00 - Updated: 2025-06-06 22:53Summary
Emerson HART DTM Vulnerability
Notes
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-15-008-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2015/icsa-15-008-01a.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-15-008-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-008-01a"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Emerson HART DTM Vulnerability",
"tracking": {
"current_release_date": "2025-06-06T22:53:36.666065Z",
"generator": {
"date": "2025-06-06T22:53:36.666005Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-15-008-01A",
"initial_release_date": "2015-10-11T06:00:00.000000Z",
"revision_history": [
{
"date": "2015-10-11T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-06-06T22:53:36.666065Z",
"legacy_version": "CSAF Conversion",
"number": "2",
"summary": "Advisory converted into a CSAF"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Rev._2.01",
"product": {
"name": "Emerson Process Management Fisher Controls DVC6000 Digital Valve Controller: Rev._2.01",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Fisher Controls DVC6000 Digital Valve Controller"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1.01",
"product": {
"name": "Emerson Process Management Fisher Controls International DVC2000 Digital Valve Controller: Rev._1.01",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Fisher Controls International DVC2000 Digital Valve Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5|6",
"product": {
"name": "Emerson Process Management Micro Motion 1500: 5|6",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Micro Motion 1500"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5|6",
"product": {
"name": "Emerson Process Management Micro Motion 1700 Analog: 5|6",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Micro Motion 1700 Analog"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._6",
"product": {
"name": "Emerson Process Management Micro Motion 1700 IS: Rev._6",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Micro Motion 1700 IS"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._5",
"product": {
"name": "Emerson Process Management Micro Motion 1700: Rev._5",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Micro Motion 1700"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._5",
"product": {
"name": "Emerson Process Management Micro Motion 1700IS: Rev._5",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Micro Motion 1700IS"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._5",
"product": {
"name": "Emerson Process Management Micro Motion 2000 Config I/O: Rev._5",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Micro Motion 2000 Config I/O"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Micro Motion 2200S: Rev._1",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Micro Motion 2200S"
},
{
"branches": [
{
"category": "product_version_range",
"name": "2|3|4",
"product": {
"name": "Emerson Process Management Micro Motion 2400S Analog: 2|3|4",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Micro Motion 2400S Analog"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5|6",
"product": {
"name": "Emerson Process Management Micro Motion 2500/2700 Config I/O: 5|6",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Micro Motion 2500/2700 Config I/O"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5|6",
"product": {
"name": "Emerson Process Management Micro Motion 2700 Analog: 5|6",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Micro Motion 2700 Analog"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5|6",
"product": {
"name": "Emerson Process Management Micro Motion 2700 IS: 5|6",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Micro Motion 2700 IS"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._4",
"product": {
"name": "Emerson Process Management Micro Motion RFT9739: Rev._4",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Micro Motion RFT9739"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._7",
"product": {
"name": "Emerson Process Management Micro Motion Series 3000: Rev._7",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Micro Motion Series 3000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "5|6",
"product": {
"name": "Emerson Process Management Rosemount 1151 Pressure Transmitter: 5|6",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Rosemount 1151 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3|9|10",
"product": {
"name": "Emerson Process Management Rosemount 2051 Pressure Transmitter: 3|9|10",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Rosemount 2051 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3|9|10",
"product": {
"name": "Emerson Process Management Rosemount 2088 Pressure Transmitter: 3|9|10",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Rosemount 2088 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._3",
"product": {
"name": "Emerson Process Management Rosemount 2090 Pressure Transmitter: Rev._3",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Rosemount 2090 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount 248 Temperature Transmitter: Rev._2",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Rosemount 248 Temperature Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3|7|9|10",
"product": {
"name": "Emerson Process Management Rosemount 3051 Pressure Transmitter: 3|7|9|10",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Rosemount 3051 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "2|3",
"product": {
"name": "Emerson Process Management Rosemount 3051S Advanced Diagnostics: 2|3",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "Rosemount 3051S Advanced Diagnostics"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 3051S Electronic Remote Sensors: Rev._1",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "Rosemount 3051S Electronic Remote Sensors"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._7",
"product": {
"name": "Emerson Process Management Rosemount 3051S Pressure Transmitter: Rev._7",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "Rosemount 3051S Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 3051SMV Direct Process Variable: Rev._1",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "Rosemount 3051SMV Direct Process Variable"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 3051SMV MultiVariable Mass Energy Flow: Rev._1",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "Rosemount 3051SMV MultiVariable Mass Energy Flow"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount 3095M MultiVariable Mass Flow: Rev._2",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "Rosemount 3095M MultiVariable Mass Flow"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._5",
"product": {
"name": "Emerson Process Management Rosemount 3100 Ultrasonic Level Transmitter: Rev._5",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "Rosemount 3100 Ultrasonic Level Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3|4|5|6",
"product": {
"name": "Emerson Process Management Rosemount 3144P Temperature Transmitter: 3|4|5|6",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "Rosemount 3144P Temperature Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._3",
"product": {
"name": "Emerson Process Management Rosemount 3300 Radar Level and Interface Transmitter: Rev._3",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "Rosemount 3300 Radar Level and Interface Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 333 Triloop: Rev._1",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "Rosemount 333 Triloop"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._7",
"product": {
"name": "Emerson Process Management Rosemount 4500 Pressure Transmitter: Rev._7",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "Rosemount 4500 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 4600 Pressure Transmitter: Rev._1",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "Rosemount 4600 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1|2|3",
"product": {
"name": "Emerson Process Management Rosemount 5300 Radar Level and Interface Transmitter: 1|2|3",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "Rosemount 5300 Radar Level and Interface Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1|2",
"product": {
"name": "Emerson Process Management Rosemount 5400 Radar Level Transmitter: 1|2",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "Rosemount 5400 Radar Level Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "6|7|8|9",
"product": {
"name": "Emerson Process Management Rosemount 644 Temperature Transmitter: 6|7|8|9",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "Rosemount 644 Temperature Transmitter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 8712D Magnetic Flowmeter: Rev._1",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "Rosemount 8712D Magnetic Flowmeter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._3",
"product": {
"name": "Emerson Process Management Rosemount 8712E Magnetic Flowmeter: Rev._3",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "Rosemount 8712E Magnetic Flowmeter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount 8712H Magnetic Flowmeter: Rev._1",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "Rosemount 8712H Magnetic Flowmeter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._7",
"product": {
"name": "Emerson Process Management Rosemount 8732C Magnetic Flowmeter: Rev._7",
"product_id": "CSAFPID-0040"
}
}
],
"category": "product_name",
"name": "Rosemount 8732C Magnetic Flowmeter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount 8732E Magnetic Flowmeter: Rev._2",
"product_id": "CSAFPID-0041"
}
}
],
"category": "product_name",
"name": "Rosemount 8732E Magnetic Flowmeter"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._3",
"product": {
"name": "Emerson Process Management Rosemount 8800C Vortex Flowmeter: Rev._3",
"product_id": "CSAFPID-0042"
}
}
],
"category": "product_name",
"name": "Rosemount 8800C Vortex Flowmeter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1|2",
"product": {
"name": "Emerson Process Management Rosemount 8800D Vortex Flowmeter: 1|2",
"product_id": "CSAFPID-0043"
}
}
],
"category": "product_name",
"name": "Rosemount 8800D Vortex Flowmeter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1|2",
"product": {
"name": "Emerson Process Management Rosemount Analytical 1056: 1|2",
"product_id": "CSAFPID-0044"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 1056"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount Analytical 5081A: Rev._2",
"product_id": "CSAFPID-0045"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 5081A"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount Analytical 5081CT: Rev._1",
"product_id": "CSAFPID-0046"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 5081CT"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount Analytical 5081p: Rev._2",
"product_id": "CSAFPID-0047"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 5081p"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount Analytical 54eA: Rev._2",
"product_id": "CSAFPID-0048"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 54eA"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount Analytical 54eC: Rev._1",
"product_id": "CSAFPID-0049"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 54eC"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._2",
"product": {
"name": "Emerson Process Management Rosemount Analytical 54epH: Rev._2",
"product_id": "CSAFPID-0050"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical 54epH"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._3",
"product": {
"name": "Emerson Process Management Rosemount Analytical OCT4000: Rev._3",
"product_id": "CSAFPID-0051"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical OCT4000"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._3",
"product": {
"name": "Emerson Process Management Rosemount Analytical OCX8800: Rev._3",
"product_id": "CSAFPID-0052"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical OCX8800"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount Analytical XmtA: Rev._1",
"product_id": "CSAFPID-0053"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical XmtA"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount Analytical XmtCT: Rev._1",
"product_id": "CSAFPID-0054"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical XmtCT"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev._1",
"product": {
"name": "Emerson Process Management Rosemount Analytical XmtpH: Rev._1",
"product_id": "CSAFPID-0055"
}
}
],
"category": "product_name",
"name": "Rosemount Analytical XmtpH"
},
{
"branches": [
{
"category": "product_version_range",
"name": "9|10",
"product": {
"name": "Emerson Process Management Rosemount Metran 150 Pressure Transmitter: 9|10",
"product_id": "CSAFPID-0056"
}
}
],
"category": "product_name",
"name": "Rosemount Metran 150 Pressure Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "9|10.",
"product": {
"name": "Emerson Process Management Rosemount Metran 75 Pressure Transmitter: 9|10.",
"product_id": "CSAFPID-0057"
}
}
],
"category": "product_name",
"name": "Rosemount Metran 75 Pressure Transmitter"
}
],
"category": "vendor",
"name": "Emerson Process Management"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9191",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Emerson updated the HART DTM for the Rosemount 644 Temperature Transmitter Rev. 8, DTM Version 1.4.181 on November 17, 2014. Installing this DTM will resolve the vulnerability for all the impacted Emerson products listed above. Emerson recommends downloading the updated DTM from its web site: (http://www2.emersonprocess.com/en-US/documentation/deviceinstallkits/Pages/deviceinstallkitsearch.aspx)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057"
],
"url": "http://www2.emersonprocess.com/en-US/documentation/deviceinstallkits/Pages/deviceinstallkitsearch.aspx"
},
{
"category": "mitigation",
"details": "An attacker would require physical access to the HART loop in order to execute this attack. The vulnerability is exploited by connecting a rogue device to the HART loop and sending malformed data to the frame. If the end user has adequate physical protection of the HART loop in place, exploitation is not possible. Field devices and WirelessHART installations are unaffected. Emerson recommends having physical protection of the end users\u2019 entire infrastructure.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057"
]
},
{
"category": "mitigation",
"details": "More details can be found at Emerson\u2019s advisory located: (http://www2.emersonprocess.com/siteadmincenter/PM Central Web Documents/EMR EPM14001-1.pdf)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057"
]
}
],
"scores": [
{
"cvss_v2": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039",
"CSAFPID-0040",
"CSAFPID-0041",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…