CVE-2020-10632
📋 TL;DR
This vulnerability in Emerson OpenEnterprise allows attackers with local access to modify critical configuration files due to inadequate folder permissions. This could cause system failures or unpredictable behavior. Affected users include all organizations running vulnerable versions of Emerson OpenEnterprise.
💻 Affected Systems
- Emerson OpenEnterprise
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system failure or malicious reconfiguration leading to operational disruption, data corruption, or safety incidents in industrial environments.
Likely Case
Unauthorized configuration changes causing system instability, service interruptions, or unintended operational behavior.
If Mitigated
Limited impact with proper access controls and monitoring, potentially only minor configuration issues.
🎯 Exploit Status
Requires local access to the system. No public exploit code available as per CISA advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.3.5 or later
Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-20-140-02
Restart Required: Yes
Instructions:
1. Download OpenEnterprise 3.3.5 or later from Emerson support portal. 2. Backup current configuration. 3. Install the update following Emerson's installation guide. 4. Restart the system. 5. Verify proper folder permissions are applied.
🔧 Temporary Workarounds
Restrict Folder Permissions
windowsManually adjust folder permissions to restrict write access to authorized users only.
icacls "C:\Program Files\Emerson\OpenEnterprise\Config" /inheritance:r /grant:r "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"
icacls "C:\ProgramData\Emerson\OpenEnterprise" /inheritance:r /grant:r "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F"
🧯 If You Can't Patch
- Implement strict access controls to limit who can log into OpenEnterprise servers.
- Deploy application whitelisting to prevent unauthorized modifications to configuration files.
🔍 How to Verify
Check if Vulnerable:
Check OpenEnterprise version in Help > About. If version is 3.3.4 or earlier, system is vulnerable.Check Version:
Check Help > About in OpenEnterprise application or review installation directory properties.Verify Fix Applied:
Verify version is 3.3.5 or later and check folder permissions using: icacls "C:\Program Files\Emerson\OpenEnterprise\Config"📡 Detection & Monitoring
Log Indicators:
- Windows Security event logs showing unauthorized file modifications in OpenEnterprise directories
- Application logs showing configuration errors or unexpected restarts
Network Indicators:
- Unusual authentication attempts to OpenEnterprise servers
- Unexpected configuration changes transmitted over network
SIEM Query:
EventID=4663 AND ObjectName LIKE '%OpenEnterprise%' AND Accesses LIKE '%WRITE_DAC%' OR Accesses LIKE '%WRITE_OWNER%'