CVE-2021-42540 : What You Need to Know
Discover the security vulnerability in Emerson WirelessHART Gateway allowing unauthorized users to manipulate system configurations. Learn mitigation steps and upgrade recommendations.
Emerson WirelessHART Gateway has a vulnerability allowing a low-privileged user to overwrite system configurations, impacting versions 4.7.94 and below.
Understanding CVE-2021-42540
WirelessHART Gateway by Emerson is susceptible to a potentially severe exploit that enables unauthorized users to manipulate key settings and functionalities.
What is CVE-2021-42540?
The issue involves an unsanitized extract folder for system configuration, enabling a low-privileged user to override critical settings.
The Impact of CVE-2021-42540
The vulnerability can lead to high impacts on availability, confidentiality, and integrity, with a CVSS base score of 8 (High Severity).
Technical Details of CVE-2021-42540
Emerson WirelessHART Gateway faces security risks due to the following details:
Vulnerability Description
- Vulnerable to unsanitized folder extraction for system configuration
- Allows low-privileged user to overwrite key settings
Affected Systems and Versions
- Product: WirelessHART Gateway
- Vendor: Emerson
- Affected Versions: 1410, 1410D, 1420 (<= 4.7.94)
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Network
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Availability Impact: High
- Confidentiality Impact: High
- Integrity Impact: High
Mitigation and Prevention
To address CVE-2021-42540, follow the below steps:
Immediate Steps to Take
- Upgrade to version 4.7.105 or above
- Refer to Emerson Gate Firmware site for download instructions
- Create a free Guardian account for updated firmware download process
Long-Term Security Practices
- Regularly update and patch software
- Conduct security audits and assessments
- Implement least privilege access controls
Patching and Updates
Follow Emerson's recommendations and regularly check for firmware updates.