You are here

Emerson OpenEnterprise (ICSA-20-238-02) – Product Used in the Water and Wastewater and Energy Sectors

Emerson OpenEnterprise (ICSA-20-238-02) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, August 27, 2020 - 05:31
Categories:
Cybersecurity

CISA has published an advisory on an inadequate encryption strength vulnerability in Emerson OpenEnterprise. All versions through 3.3.5 are affected. Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 6 (3.3.6), to resolve this issue. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.