CVE-2021-42542 : Vulnerability Insights and Analysis

Emerson WirelessHART Gateway is vulnerable to directory traversal, impacting versions 1410, 1410D, and 1420. A CVSS score of 8.0 denotes a high severity issue.

Understanding CVE-2021-42542

This CVE involves a critical vulnerability in Emerson's WirelessHART Gateway, allowing for directory traversal attacks.

What is CVE-2021-42542?

The vulnerability arises from the mishandling of provided backup folder structures, leading to the potential for unauthorized directory access.

The Impact of CVE-2021-42542

The vulnerability has a CVSS base score of 8.0 (High), with significant impacts on confidentiality, integrity, and availability. An attacker can exploit this to gain unauthorized access and potentially disrupt operations.

Technical Details of CVE-2021-42542

Emerson WirelessHART Gateway vulnerability details.

Vulnerability Description

The flaw enables malicious actors to perform directory traversal due to inadequate handling of backup folder structures.

Affected Systems and Versions

Product: WirelessHART Gateway
Vendor: Emerson
Affected Versions: 1410, 1410D, 1420 (<= 4.7.94)

Exploitation Mechanism

Attack Complexity: Low
Attack Vector: Network
Privileges Required: Low
User Interaction: Required

Mitigation and Prevention

Actions to secure systems against CVE-2021-42542.

Immediate Steps to Take

Upgrade to version 4.7.105 provided by Emerson
Follow download instructions on Emerson's Gate Firmware site
Set up a free Guardian account for firmware access

Long-Term Security Practices

Regularly monitor for security advisories and updates
Implement access controls and least privilege principles
Conduct security audits and penetration testing

Patching and Updates

Emerson advises upgrading to version 4.7.105 to remediate the vulnerability. Stay informed on future security recommendations and updates.