CVE-2021-42538: Emerson WirelessHART Gateway
First published: Fri Oct 22 2021(Updated: )
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Wireless 1410 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410 Gateway | ||
| Emerson Wireless 1410d Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410d Gateway | ||
| Emerson Wireless 1420 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1420 Gateway | ||
| Emerson WirelessHART 1410 Gateway | <4.7.94 | 4.7.94 |
| Emerson WirelessHART 1410D Gateway | <4.7.94 | 4.7.94 |
| Emerson WirelessHART 1420 Gateway | <4.7.94 | 4.7.94 |
| All of | ||
| Emerson Wireless 1410 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410 Gateway | ||
| All of | ||
| Emerson Wireless 1410d Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410d Gateway | ||
| All of | ||
| Emerson Wireless 1420 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1420 Gateway |
Remedy
Emerson recommends upgrading to v4.7.105 to address these vulnerabilities. Users can visit the Emerson Gate Firmware site for and download instructions. If affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42538?
CVE-2021-42538 is a vulnerability that allows an attacker to perform parameter injection via passphrase in the affected product.
What is the severity of CVE-2021-42538?
The severity of CVE-2021-42538 is high, with a severity value of 8.8.
Which products are affected by CVE-2021-42538?
The affected products include Emerson Wireless 1410 Gateway Firmware (up to version 4.7.94), Emerson Wireless 1410d Gateway Firmware (up to version 4.7.94), and Emerson Wireless 1420 Gateway Firmware (up to version 4.7.94).
How does the vulnerability in CVE-2021-42538 work?
The vulnerability in CVE-2021-42538 allows an attacker to supply uncontrolled input via passphrase, leading to parameter injection.
Is there a fix available for CVE-2021-42538?
It is recommended to update the affected product to a version beyond 4.7.94 to mitigate CVE-2021-42538.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/severity
- agent/remedy
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/softwarecombine
- agent/trending
- vendor/emerson
- canonical/emerson wireless 1410 gateway firmware
- canonical/emerson wireless 1410 gateway
- canonical/emerson wireless 1410d gateway firmware
- canonical/emerson wireless 1410d gateway
- canonical/emerson wireless 1420 gateway firmware
- canonical/emerson wireless 1420 gateway
- canonical/emerson wirelesshart 1410 gateway
- canonical/emerson wirelesshart 1410d gateway
- canonical/emerson wirelesshart 1420 gateway