In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
An unauthenticated user with network access to the device can send a crafted request, which results in execution of arbitrary system commands (command injection) with root privileges. The vulnerability classified as CWE-77 indicates improper neutralization of special characters before passing data to the command interpreter. The attack requires no credentials or user interaction.
The attacker gains full control of the device with root privileges, enabling reading and modification of measurement data, disruption of the technological process, and use of the device as an entry point to the industrial network (lateral movement).
Patches available from the manufacturer should be applied in accordance with the references (Emerson security notice ICSA-24-030-01). Additionally, it is recommended to isolate devices from untrusted networks, restrict network access to these devices exclusively to authorized hosts, and implement firewalls and OT network segmentation in accordance with CISA recommendations.
Emerson Rosemount GC370XA, GC700XA, and GC1500XA — firmware versions indicated in the manufacturer's references (ICSA-24-030-01)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEmerson Gc1500xa
HWEmersonwszystkie wersjeEmerson Gc1500xa Firmware
OSEmerson4.1.5Emerson Gc370xa
HWEmersonwszystkie wersjeEmerson Gc370xa Firmware
OSEmerson4.1.5Emerson Gc700xa
HWEmersonwszystkie wersjeEmerson Gc700xa Firmware
OSEmerson4.1.5
Related vulnerabilities
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access coul...
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access coul...
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could...
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain un...
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They ...