CVE-2018-11691

Name of the Vulnerable Software and Affected Versions Emerson DeltaV Smart Switch Command Center application versions 11.3.x through 12.3.1

Description The issue is related to the inability to change the management password of DeltaV Smart Switches upon commissioning. This affects a significant number of devices, but the exact number is not specified. The problem does not affect DeltaV versions 13.3 and higher, which use the Network Device Command Center application.

Recommendations For versions 11.3.x through 12.3.1, apply the patches released by Emerson for DeltaV workstations, available on Emerson's Guardian Support Portal. After patching, either re-commission the DeltaV Smart Switches or change the password using the provided tool.