CVE-2022-30262

Name of the Vulnerable Software and Affected Versions Emerson ControlWave 'Next Generation' RTUs through 2022-05-02

Description The issue is related to insufficient authentication of data, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The Emerson ControlWave 'Next Generation' RTUs mishandle firmware integrity, utilizing the BSAP-IP protocol to transmit firmware updates. These updates are supplied as CAB archive files containing a binary firmware image, but they lack authentication, such as firmware signing, and rely only on insecure checksums for integrity checks.

Recommendations For Emerson ControlWave 'Next Generation' RTUs through 2022-05-02, consider disabling the use of the BSAP-IP protocol for firmware updates until a secure authentication mechanism is implemented. Restrict access to firmware updates to minimize the risk of exploitation. Avoid using insecure checksums for integrity checks; instead, implement a secure firmware signing mechanism to ensure the authenticity and integrity of firmware images. At the moment, there is no information about a newer version that contains a fix for this vulnerability.