CVE-2014-2349

Name of the Vulnerable Software and Affected Versions Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3

Description The issue allows local users to modify or read configuration files by leveraging engineering-level privileges. It is related to errors that occur when processing a specially crafted configuration file, which can be exploited to elevate privileges and gain unauthorized access to confidential information.

Recommendations For Emerson DeltaV version 10.3.1, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 11.3, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 11.3.1, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 12.3, update to a version that fixes the issue with configuration file handling. As a temporary workaround, consider restricting access to configuration files to minimize the risk of exploitation.