CVE-2018-11691 Explained : Impact and Mitigation
Learn about CVE-2018-11691 affecting Emerson DeltaV Smart Switch Command Center application versions 11.3.x and 12.3.1. Find out the impact, technical details, and mitigation steps.
The Emerson DeltaV Smart Switch Command Center application in versions 11.3.x and 12.3.1 encountered an issue related to changing the management password of DeltaV Smart Switches during commissioning. Emerson has provided patches for DeltaV workstations to address this vulnerability.
Understanding CVE-2018-11691
This CVE highlights a security issue in the Emerson DeltaV Smart Switch Command Center application.
What is CVE-2018-11691?
The vulnerability in versions 11.3.x and 12.3.1 of the Emerson DeltaV Smart Switch Command Center application prevented the changing of management passwords for DeltaV Smart Switches during commissioning.
The Impact of CVE-2018-11691
The vulnerability could potentially lead to unauthorized access to DeltaV Smart Switches and compromise the security of the system.
Technical Details of CVE-2018-11691
This section provides more technical insights into the CVE.
Vulnerability Description
The issue prevented the changing of management passwords for DeltaV Smart Switches during the commissioning process.
Affected Systems and Versions
- Versions 11.3.x and 12.3.1 of the Emerson DeltaV Smart Switch Command Center application
Exploitation Mechanism
- Attackers could exploit this vulnerability to gain unauthorized access to DeltaV Smart Switches.
Mitigation and Prevention
Steps to address and prevent the CVE.
Immediate Steps to Take
- Apply the patches provided by Emerson for DeltaV workstations.
- Download the patches from Emerson's Guardian Support Portal.
Long-Term Security Practices
- Regularly update and patch all software and applications to prevent vulnerabilities.
- Implement strong password policies and change default passwords.
Patching and Updates
- Ensure all DeltaV workstations are updated with the latest patches from Emerson.