CVE-2022-30260

moderate-risk
Published 2022-12-26

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

Do I need to act?

0.03% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Deltav Distributed Control System Sq Controller Firmware
Deltav Distributed Control System Sx Controller Firmware
Se4002S1T2B6 High Side 40-Pin Mass I/O Terminal Block Firmware
Se4003S2B4 16-Pin Mass I/O Terminal Block Firmware
Se4003S2B524-Pin Mass I/O Terminal Block Firmware
Se4017P0 H1 I/O Interface Card And Terminl Block Firmware
Se4017P1 H1 I/O Card With Integrated Power Firmware
Se4019P0 Simplex H1 4-Port Plus Fieldbus I/O Interface With Terminalblock Firmware
Se4026 Virtual I/O Module 2 Firmware
Se4027 Virtual I/O Module 2 Firmware
Se4032S1T2B8 High Side 40-Pin Do Mass I/O Terminal Block Firmware
Se4037P0 H1 I/O Interface Card And Terminl Block Firmware
Se4037P1 Redundant H1 I/O Card With Integrated Power And Terminal Block Firmware
Se4039P0 Redundant H1 4-Port Plus Fieldbus I/O Interface With Terminalblock Firmware
Se4052S1T2B6 High Side 40-Pin Mass I/O Terminal Block Firmware
Se4082S1T2B8 High Side 40-Pin Do Mass I/O Terminal Block Firmware
Se4100 Simplex Ethernet I/O Card (Eioc) Assembly Firmware
Se4101 Simplex Ethernet I/O Card (Eioc) Assembly Firmware
Se4801T0X Redundant Wireless I/O Card Firmware
Ve4103 Modbus Tcp Interface For Ethernet Connected I/O (Eioc) Firmware

Affected Vendors

45 / 100
moderate-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 21/34 · High