CVE-2020-12030: Emerson WirelessHART Gateway
First published: Wed Sep 29 2021(Updated: )
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Wireless 1410 Gateway Firmware | >=4.6.43<=4.7.84 | |
| Emerson Wireless 1410 Gateway | ||
| Emerson Wireless 1420 Gateway Firmware | >=4.6.43<=4.7.84 | |
| Emerson Wireless 1420 Gateway | ||
| Emerson Wireless 1552wu Gateway Firmware | >=4.6.43<=4.7.84 | |
| Emerson Wireless 1552wu Gateway | ||
| Emerson Wireless 1410 Gateway, revisions 4.6.43 to 4.7.84 | ||
| Emerson Wireless 1420 Gateway, revisions 4.6.43 to 4.7.84 | ||
| Emerson Wireless 1552WU Gateway, revisions 4.6.43 to 4.7.84 |
Remedy
Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible. If the VLAN feature is not enabled, no immediate action is necessary. Please see Emerson’s cybersecurity notification alert number EMR.RMT20001-1 for more information.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12030?
CVE-2020-12030 is a vulnerability in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled, which can result in the exposure of all ports used by the gateway.
How severe is CVE-2020-12030?
CVE-2020-12030 has a severity rating of critical with a value of 10.
Which software is affected by CVE-2020-12030?
Emerson Wireless 1410 Gateway Firmware (versions 4.6.43 to 4.7.84), Emerson Wireless 1420 Gateway Firmware (versions 4.6.43 to 4.7.84), and Emerson Wireless 1552wu Gateway Firmware (versions 4.6.43 to 4.7.84) are affected by CVE-2020-12030.
How can I fix CVE-2020-12030?
To fix CVE-2020-12030, users should update to a version of the affected firmware that is beyond version 4.7.84.
Where can I find more information about CVE-2020-12030?
More information about CVE-2020-12030 can be found on the official US-CERT website at https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/severity
- agent/references
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/trending
- vendor/emerson
- canonical/emerson wireless 1410 gateway firmware
- version/emerson wireless 1410 gateway firmware/4.6.43
- version/emerson wireless 1410 gateway firmware/4.7.84
- canonical/emerson wireless 1410 gateway
- canonical/emerson wireless 1420 gateway firmware
- version/emerson wireless 1420 gateway firmware/4.6.43
- version/emerson wireless 1420 gateway firmware/4.7.84
- canonical/emerson wireless 1420 gateway
- canonical/emerson wireless 1552wu gateway firmware
- version/emerson wireless 1552wu gateway firmware/4.6.43
- version/emerson wireless 1552wu gateway firmware/4.7.84
- canonical/emerson wireless 1552wu gateway
- canonical/emerson wireless 1410 gateway, revisions 4.6.43 to 4.7.84
- canonical/emerson wireless 1420 gateway, revisions 4.6.43 to 4.7.84
- canonical/emerson wireless 1552wu gateway, revisions 4.6.43 to 4.7.84