CVE-2021-42542: Emerson WirelessHART Gateway
First published: Tue Oct 05 2021(Updated: )
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Wireless 1410 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410 Gateway | ||
| Emerson Wireless 1410d Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1410d Gateway | ||
| Emerson Wireless 1420 Gateway Firmware | <4.7.94 | |
| Emerson Wireless 1420 Gateway | ||
| Emerson WirelessHART 1410 Gateway | <4.7.94 | 4.7.94 |
| Emerson WirelessHART 1410D Gateway | <4.7.94 | 4.7.94 |
| Emerson WirelessHART 1420 Gateway | <4.7.94 | 4.7.94 |
Remedy
Emerson recommends upgrading to v4.7.105 to address these vulnerabilities. Users can visit the Emerson Gate Firmware site for and download instructions. If affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-42542?
The severity of CVE-2021-42542 is high with a severity value of 8.8.
Which products are affected by CVE-2021-42542?
The affected products are Emerson Wireless 1410 Gateway Firmware (up to exclusive version 4.7.94) and Emerson Wireless 1410d Gateway Firmware (up to exclusive version 4.7.94).
What is the vulnerability in CVE-2021-42542?
The vulnerability in CVE-2021-42542 is directory traversal due to mishandling of provided backup folder structure.
How can I fix CVE-2021-42542?
Apply the latest firmware update from Emerson to fix CVE-2021-42542.
Where can I find more information about CVE-2021-42542?
You can find more information about CVE-2021-42542 in the advisory provided by the US-CERT.
- collector/nvd-index
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/emerson
- canonical/emerson wireless 1410 gateway firmware
- canonical/emerson wireless 1410 gateway
- canonical/emerson wireless 1410d gateway firmware
- canonical/emerson wireless 1410d gateway
- canonical/emerson wireless 1420 gateway firmware
- canonical/emerson wireless 1420 gateway
- canonical/emerson wirelesshart 1410 gateway
- canonical/emerson wirelesshart 1410d gateway
- canonical/emerson wirelesshart 1420 gateway