A recent report by Claroty has uncovered several vulnerabilities in gas Emerson production chromatographs that could have serious implications for various industries. These devices are crucial for chemical analysis, measuring the composition of samples in industries such as food production and environmental testing. Furthermore, they are used in hospitals for blood tests and other medical purposes.
The study focused on Emerson’s Rosemount 370XA model, a high-value device worth approximately $100,000. Researchers found that these gas chromatographs are connected to internal networks and can be remotely controlled using a proprietary protocol. To assess the vulnerabilities, the researchers emulated the testing device.
According to the report, the Rosemount 370XA, GC700XA, and GC1500XA models contain four critical vulnerabilities. These vulnerabilities include cve-2023-46687, cve-2023-49716, CVE-2023-51761, and cve-2023-43609. Each vulnerability poses a significant threat, ranging from allowing remote code execution to gaining administrator rights without proper authentication.
These vulnerabilities could potentially be exploited by malicious actors to disrupt essential processes in various industries, jeopardizing data security and operational integrity. It is crucial for organizations using these devices to implement security measures to mitigate these risks and protect against potential cyber attacks.