Security Advisory

Emerson Secure Setup Utility Certificate Weaknesses

Man-in-the-middle; Weak File Permissions

Risk Information

Limited Threat

CVE ID

CVE-2021-37581

CVE-2021-37582

Vunerability Type

Man-in-the-middle

Weak File Permissions

CVSS3 Score

8.3

6.5

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affecting

Emerson Security Setup Utility: v1.6.8 and prior

PlantWeb Insight: v2.3.4 and prior

Emerson v4 WirelessHART Gateways, (1410, 1420, 1552, 1410D): v4.8.0 and prior

Emerson v6 WirelessHART Gateways (1410S): v6.6.0 and prior

Mitigation

Update to a patched version:
Emerson Security Setup Utility: v1.6.9 and later
PlantWeb Insight: v2.3.5 and later
Emerson Version 4 WirelessHART Gateways, (1410, 1420, 1552, 1410D): v4.8.1 and later
Emerson v6 WirelessHART Gateways (1410S): v6.6.1 and later

02/01/2022