CVE-2021-42539: Emerson WirelessHART Gateway
First published: Tue Oct 05 2021(Updated: )
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Wireless 1410 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410 Gateway | ||
| Emerson Wireless 1410d Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410d Gateway | ||
| Emerson Wireless 1420 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1420 Gateway | ||
| Emerson WirelessHART 1410 Gateway | <4.7.94 | 4.7.94 |
| Emerson WirelessHART 1410D Gateway | <4.7.94 | 4.7.94 |
| Emerson WirelessHART 1420 Gateway | <4.7.94 | 4.7.94 |
| All of | ||
| Emerson Wireless 1410 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410 Gateway | ||
| All of | ||
| Emerson Wireless 1410d Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410d Gateway | ||
| All of | ||
| Emerson Wireless 1420 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1420 Gateway |
Remedy
Emerson recommends upgrading to v4.7.105 to address these vulnerabilities. Users can visit the Emerson Gate Firmware site for and download instructions. If affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42539?
CVE-2021-42539 is a vulnerability that allows unauthorized account access and unauthorized changes to system settings in Emerson Wireless 1410 and 1410d Gateway Firmware versions up to 4.7.94, and Emerson Wireless 1420 Gateway Firmware versions up to 4.7.94.
What is the severity of CVE-2021-42539?
CVE-2021-42539 has a severity rating of 8.8 (high).
How can CVE-2021-42539 be exploited?
CVE-2021-42539 can be exploited by an attacker to gain unauthorized access to user accounts and make unauthorized changes to system settings through a missing permission validation on system backup restore.
Which software versions are affected by CVE-2021-42539?
Emerson Wireless 1410 Gateway Firmware versions up to 4.7.94, Emerson Wireless 1410d Gateway Firmware versions up to 4.7.94, and Emerson Wireless 1420 Gateway Firmware versions up to 4.7.94 are affected by CVE-2021-42539.
Where can I find more information about CVE-2021-42539?
More information about CVE-2021-42539 can be found at the following reference: https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02
- collector/nvd-index
- agent/type
- agent/references
- agent/weakness
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/title
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/softwarecombine
- agent/trending
- vendor/emerson
- canonical/emerson wireless 1410 gateway firmware
- canonical/emerson wireless 1410 gateway
- canonical/emerson wireless 1410d gateway firmware
- canonical/emerson wireless 1410d gateway
- canonical/emerson wireless 1420 gateway firmware
- canonical/emerson wireless 1420 gateway
- canonical/emerson wirelesshart 1410 gateway
- canonical/emerson wirelesshart 1410d gateway
- canonical/emerson wirelesshart 1420 gateway