PT-2018-12726 · Emerson · Emerson Deltav Dcs
Published
2018-08-23
·
Updated
2022-07-12
·
CVE-2018-14791
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5
Description
The issue allows non-administrative users to change executable and library files on the affected products.
Recommendations
For Emerson DeltaV DCS version 11.3.1, restrict access to executable and library files to prevent unauthorized changes.
For Emerson DeltaV DCS version 12.3.1, limit privileges to prevent non-administrative users from modifying system files.
For Emerson DeltaV DCS version 13.3.0, consider implementing additional access controls to safeguard executable and library files.
For Emerson DeltaV DCS version 13.3.1, apply configuration changes to restrict file modifications to administrative users only.
For Emerson DeltaV DCS version R5, ensure that only authorized personnel have access to modify system files.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emerson Deltav Dcs