
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

Summary:
Multiple security vulnerabilities have been identified in Emerson Rosemount gas chromatographs, potentially allowing attackers to access sensitive information, cause denial-of-service (DoS) conditions, and execute arbitrary commands. The affected models include GC370XA, GC700XA, and GC1500XA, with versions 4.1.5 and earlier. Claroty, an operational technology (OT) security firm, highlighted two command injection flaws and two authentication and authorization vulnerabilities. These could enable unauthenticated attackers to bypass authentication, run arbitrary commands, access sensitive data, and induce DoS conditions.

Claroty's analysis revealed the following vulnerabilities:

  • CVE-2023-46687 (CVSS score: 9.8): Unauthenticated users can execute arbitrary commands remotely.
  • CVE-2023-49716 (CVSS score: 6.9): Authenticated users can run arbitrary commands remotely.
  • CVE-2023-51761 (CVSS score: 8.3): Unauthenticated users can bypass authentication and gain admin access by resetting the password.
  • CVE-2023-43609 (CVSS score: 6.9): Unauthenticated users can access sensitive information or cause DoS conditions.

Security Officer Comments:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasized that exploiting these vulnerabilities could grant attackers admin capabilities, allowing them to perform a range of malicious actions. The gas chromatographs, managed by the MON software, are critical for gas measurements and data storage.

Suggested Corrections:
Emerson has released an updated firmware version addressing these vulnerabilities and recommends users follow cybersecurity best practices and avoid exposing affected products to the internet.

Link(s):
https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html