CVE-2022-30260

Name of the Vulnerable Software and Affected Versions Emerson DeltaV Distributed Control System (DCS) versions prior to 14.3

Description The issue is related to insufficient verification of firmware integrity, specifically an inadequate checksum approach and lack of signature. This could potentially allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with the transmission of data in an open form.

Recommendations For versions prior to 14.3, update to version 14.3 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to verify the integrity of firmware updates until a patch is applied. Restrict access to the system to minimize the risk of exploitation.