PatchSiren

CVE-2016-9347 Emerson CVE debrief

CVE-2016-9347 is a medium-severity issue affecting Emerson DeltaV Wireless I/O Cards running firmware v13.3. The problem is that SSH is enabled unnecessarily on the SE4801T0X and SE4801T1X cards, increasing the management exposure of the device. Defenders should verify whether these cards are present, limit SSH exposure, and follow the linked vendor or ICS-CERT guidance for supported hardening steps.

Vendor: Emerson
Product: CVE-2016-9347
CVSS: MEDIUM 5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT/ICS operators using Emerson DeltaV Wireless I/O Cards, plant network and security teams, and administrators responsible for managing SE4801T0X or SE4801T1X devices running firmware v13.3.

Technical summary

The supplied NVD record says Emerson SE4801T0X Redundant Wireless I/O Card V13.3 and SE4801T1X Simplex Wireless I/O Card V13.3 are affected because SSH functionality is enabled unnecessarily. NVD maps the issue to CWE-254 and rates it CVSS v3.0 5.0 with vector AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating adjacent-network exposure, high attack complexity, and low impact to confidentiality, integrity, and availability.

Defensive priority

Medium: the score is moderate, but this still matters in industrial environments because it exposes an unnecessary management service on affected DeltaV wireless I/O cards.

Recommended defensive actions

  • Inventory DeltaV Wireless I/O Cards to confirm whether SE4801T0X or SE4801T1X devices are running firmware v13.3.
  • Review Emerson and ICS-CERT guidance for supported hardening or mitigation steps for CVE-2016-9347.
  • If SSH is not required for your operational workflow, restrict or disable access using vendor-supported configuration methods.
  • Segment the OT network so only approved management hosts can reach the affected devices.
  • Validate any configuration change in a maintenance window and monitor for unexpected SSH access attempts.

Evidence notes

The supplied corpus includes the NVD entry, which lists the affected CPEs for SE4801T0X firmware 13.3 and SE4801T1X firmware 13.3, the CVSS v3.0 vector, and CWE-254. It also references SecurityFocus BID 94586 and the ICS-CERT advisory ICSA-16-334-03. No exploit code or weaponized reproduction details are present in the supplied sources.

Official resources

CVE-2016-9347 was published in the supplied official record on 2017-02-13T21:59:01.830Z. The later 2026-05-13 modification timestamp reflects database updates and should not be treated as the original disclosure date.