
Gas Chromatograph Hacking Could Have Serious Impact: Security Firm

Critical vulnerabilities have been found in an Emerson gas chromatograph and Claroty warns that attacks could have a serious impact.

Claroty, a company that specializes in security solutions for cyber-physical systems, has disclosed the details of several vulnerabilities discovered in a gas chromatograph made by Emerson, and warned that attacks could have a serious impact. 

A gas chromatograph is a chemical analysis instrument that measures the content of various components in a sample. Such devices are used by hospitals in blood testing and by environmental facilities to measure air pollution. 

Claroty’s analysis showed that Emerson gas chromatography devices are connected to internal networks and they are controlled remotely by technicians over a communication channel that leverages a proprietary protocol. 

Claroty’s research focused on the Emerson Rosemount 370XA gas chromatograph. Because the product costs $100,000, the cybersecurity firm emulated the device for its testing instead of using a real one.

The analysis found — and Emerson confirmed — that Rosemount GC370XA, GC700XA, and GC1500XA products are affected by four vulnerabilities.

The list includes a critical command injection that allows an unauthenticated attacker with network access to remotely execute arbitrary commands with root privileges. It also includes a high-severity issue that allows an unauthenticated network attacker to bypass authentication and obtain admin capabilities. 

The remaining vulnerabilities have been classified as ‘medium severity’. One of them allows an unauthenticated attacker to obtain sensitive information or cause a DoS condition, and one allows an authenticated attacker to run arbitrary commands.

“A compromise of such devices can have a tremendous impact on various industries. In the food and beverage sector, attacks against a food processing company’s gas chromatographs could prevent the accurate detection of bacteria and bring a process chain to a halt,” Claroty warned. “Similar attacks against a hospital’s chromatographs would disrupt testing of blood and other patient samples.”

The US cybersecurity agency CISA published an advisory for these vulnerabilities back in January, at around the same time as Emerson.


The vendor at the time informed customers about the availability of firmware updates that should patch the vulnerabilities and also highlighted that “if the affected product is isolated from the internet as recommended and running on a well-protected network consistent with industry best practices, the potential risk is lowered.”


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

