You are here

Emerson OpenEnterprise (ICSA-20-140-02) – Product Used in the Water and Wastewater and Energy Sectors

Emerson OpenEnterprise (ICSA-20-140-02) – Product Used in the Water and Wastewater and Energy Sectors

Created: Tuesday, May 19, 2020 - 14:21
Categories:
Cybersecurity

CISA has published an advisory on missing authentication for critical function, improper ownership management, and inadequate encryption strength vulnerabilities in Emerson OpenEnterprise. All versions through 3.3.4 are affected. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.