CVE-2021-42538 : Security Advisory and Response

Emerson WirelessHART Gateway is vulnerable to a parameter injection via passphrase, potentially enabling attackers to provide uncontrolled input, leading to a high-severity impact on confidentiality, integrity, and availability.

Understanding CVE-2021-42538

This CVE involves a security vulnerability in the WirelessHART Gateway by Emerson.

What is CVE-2021-42538?

The vulnerability allows an attacker to perform parameter injection via passphrase, which may result in the injection of uncontrolled input.

The Impact of CVE-2021-42538

The vulnerability has a CVSS v3.1 base score of 8.0, indicating a high severity level with significant impacts on confidentiality, integrity, and availability, making it crucial to address promptly.

Technical Details of CVE-2021-42538

This section provides detailed technical information about the CVE.

Vulnerability Description

The issue stems from a parameter injection vulnerability via passphrase in the Emerson WirelessHART Gateway, facilitating the provision of uncontrolled input by malicious actors.

Affected Systems and Versions

Product: WirelessHART Gateway
Vendor: Emerson
Vulnerable Versions: 1410, 1410D, 1420 (<= v4.7.94)
Status: Affected

Exploitation Mechanism

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Mitigation and Prevention

It is crucial to take immediate steps to mitigate the risks posed by CVE-2021-42538.

Immediate Steps to Take

Upgrade to version 4.7.105 recommended by Emerson
Visit the Emerson Gate Firmware site for download instructions
Obtain a free Guardian account for updated firmware

Long-Term Security Practices

Regularly update firmware and security patches
Conduct security assessments and follow best practices

Patching and Updates

Address the vulnerability by applying the recommended upgrade to version 4.7.105 in a timely manner to enhance system security.