Emerson OpenEnterprise SCADA Software: Authentication & Encryption vulnerabilities

A team of network perimeter security specialists has disclosed at least three vulnerabilities in Emerson’s OpenEnterprise SCADA, a system used in multiple enterprise environments. According to the report, the flaws could enable attacks such as remote code execution.

Below is a brief overview of the three vulnerabilities, along with their CVE identifiers and their scores under the Common Vulnerability Scoring System (CVSS).

CVE-2020-10640: Affected components could allow threat actors to run arbitrary code with elevated privileges using specific communication services. The vulnerability exists due to missing authentication in critical functions and received a score of 10/10 on the CVSS scale, so it is considered a critical-severity flaw.

CVE-2020-10632: This is an improper ownership management flaw; inadequate folder security permissions could allow modification of some important configuration files, which could lead to severe system failures or to behavior that users do not expect.

This flaw received a score of 8.8/10 on the CVSS scale, making it a high-severity vulnerability, network perimeter security experts mentioned.

CVE-2020-10636: This is a weak-encryption vulnerability in the affected software that threat actors could exploit to obtain the passwords of OpenEnterprise users. The flaw received a score of 6.5/10 on the CVSS scale, so it is considered a medium-severity vulnerability.

Network perimeter security experts recommend that administrators of affected deployments upgrade to OpenEnterprise 3.3 Service Pack (3.3.5) to mitigate the risk of exploitation. OpenEnterprise service packs are available to users with access to the Emerson SupportNet system. Details can be found in the download area; you need to sign in to download the updates.

In addition, the International Institute of Cyber Security (IICS) recommends users implement the following measures for greater protection of their systems:

  • Apply the principle of least privilege
  • Reduce network exposure for all control system devices and systems
  • Identify and isolate the control system networks and remote devices behind firewalls
  • When remote access is required, use secure methods such as a VPN

While these measures reduce the risk of exploitation, users should not forget to install the relevant updates.