PatchSiren cyber security CVE debrief
CVE-2022-30263 Emerson CVE debrief
CVE-2022-30263 (published 2024-06-06) is a MEDIUM severity vulnerability (CVSS 5.9) affecting Emerson PAC Machine Edition and multiple PACSystem PLC families (RXi, RX3i, RSTi-EP, VersaMax) as well as Fanuc VersaMax. The core issue is cleartext credential transmission in the affected products' protocol, which could allow network-based attackers to retrieve credentials and gain PLC control. The advisory notes that cryptographically secure authentication via SRP-6a protocol is supported and recommended as a countermeasure. Enabling authentication prevents replay attacks and forces attackers to intercept and modify active connections rather than simply capturing credentials. Network segmentation through non-routing control networks adds another layer of defense by requiring network topology compromise before SRTP packets can be intercepted.
- Vendor: Emerson
- Product: PAC Machine Edition
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-06
- Original CVE updated: 2024-06-06
- Advisory published: 2024-06-06
- Advisory updated: 2024-06-06
Who should care
- OT security teams operating Emerson PACSystem RXi, RX3i, RSTi-EP, or VersaMax PLCs
- Industrial control system administrators responsible for PLC authentication configuration
- Network architects designing segmented control system environments
Technical summary
Affected Emerson PACSystem products transmit authentication credentials in cleartext, enabling credential theft and PLC compromise via passive network monitoring. The vulnerability is mitigated by enabling SRP-6a (Secure Remote Password) authentication, which provides cryptographic protection against credential exposure and replay attacks. Defense in depth requires network segmentation (non-routing control networks) to limit packet interception opportunities.
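To make the summary concrete, the following is an added example (not Emerson's code and not the PACSystems implementation) that runs a textbook SRP-6a exchange over a simulated wire and records what a passive observer on the control network would see, beside the cleartext pattern the advisory describes. The identity, password, salt length and the simplified key-confirmation message are assumptions for the demo; the group parameters are transcribed from the RFC 5054 1024-bit group and should be checked against the RFC before any real use.

```python
import hashlib
import secrets

# RFC 5054 1024-bit group (transcribed; verify against the RFC). Both sides share N and g.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
    "75FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D"
    "6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C"
    "05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3",
    16,
)
g = 2
NLEN = (N.bit_length() + 7) // 8  # byte length used to pad values before hashing


def pad(x: int) -> bytes:
    return x.to_bytes(NLEN, "big")


def h_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = h_int(pad(N), pad(g))  # SRP-6a multiplier


def private_x(identity: bytes, password: bytes, salt: bytes) -> int:
    return h_int(salt, hashlib.sha256(identity + b":" + password).digest())


def enroll(identity: bytes, password: bytes):
    """Enrolment: the device stores (salt, verifier); the password is never stored or sent."""
    salt = secrets.token_bytes(16)  # assumed salt length
    return salt, pow(g, private_x(identity, password, salt), N)


def proof(A: int, B: int, K: bytes) -> bytes:
    # Simplified key-confirmation message (assumption); RFC 2945 folds more fields into M1.
    return hashlib.sha256(pad(A) + pad(B) + K).digest()


def client_start():
    a = secrets.randbelow(N - 2) + 1  # ephemeral client secret
    return a, pow(g, a, N)


def client_finish(identity, password, salt, a, A, B) -> bytes:
    if B % N == 0:
        raise ValueError("invalid server value B")
    u = h_int(pad(A), pad(B))
    x = private_x(identity, password, salt)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = hashlib.sha256(pad(S)).digest()
    return proof(A, B, K)


def server_start(verifier: int):
    b = secrets.randbelow(N - 2) + 1  # ephemeral server secret, fresh per session
    return b, (k * verifier + pow(g, b, N)) % N


def server_check(verifier: int, b: int, B: int, A: int, M1: bytes) -> bool:
    if A % N == 0:
        raise ValueError("invalid client value A")
    u = h_int(pad(A), pad(B))
    S = pow((A * pow(verifier, u, N)) % N, b, N)
    K = hashlib.sha256(pad(S)).digest()
    return secrets.compare_digest(proof(A, B, K), M1)


def srp_login(identity, password, salt, verifier):
    """One SRP-6a login. Returns (accepted, wire): wire is everything a passive observer sees."""
    a, A = client_start()
    b, B = server_start(verifier)
    M1 = client_finish(identity, password, salt, a, A, B)
    return server_check(verifier, b, B, A, M1), [identity, salt, pad(A), pad(B), M1]


def cleartext_login(identity, password):
    """The pattern the advisory describes: the credential itself crosses the wire."""
    return [identity, password]


def leaks_secret(wire, secret: bytes) -> bool:
    return any(secret in msg for msg in wire)


def replay(wire, verifier: int) -> bool:
    """Present a captured session's (A, M1) to a fresh handshake; the fresh b makes it fail."""
    _, _, A_bytes, _, M1 = wire
    b, B = server_start(verifier)
    return server_check(verifier, b, B, int.from_bytes(A_bytes, "big"), M1)


if __name__ == "__main__":
    s, v = enroll(b"plc-admin", b"constructed-demo-password")  # constructed demo credential
    ok, wire = srp_login(b"plc-admin", b"constructed-demo-password", s, v)
    print("SRP login accepted:", ok)
    print("password visible on wire:", leaks_secret(wire, b"constructed-demo-password"))
    print("captured session replayed successfully:", replay(wire, v))
```

The comparison with `cleartext_login` is the point of the advisory: with SRP-6a enabled the captured bytes contain neither the password nor anything that can be replayed, so an adversary must interfere with a live connection, which is exactly what the non-routing control network in the defensive actions is meant to make harder.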
Defensive priority
medium
Recommended defensive actions
- Enable SRP-6a cryptographically secure authentication on all affected PLCs per vendor documentation
- Implement non-routing control network architecture to prevent SRTP packet interception
- Review PACSystems RXi, RX3i and RSTi-EP Secure Deployment Guide (GFK-2830Y) sections 2.4, 4.3.3, 4.3.4, and 5.2.1.1 for configuration guidance
- Disable unnecessary Ethernet services where SRP-6a is not in use
- Apply personnel and physical security perimeter protections per vendor recommendations
Evidence notes
CISA ICS advisory ICSA-24-158-01 published 2024-06-06 documents this vulnerability affecting six Emerson product lines. The advisory explicitly states SRP-6a authentication is supported and recommended to mitigate credential exposure. CVSS 3.1 vector AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H reflects physical access requirements limiting attack surface.
Official resources
- CVE-2022-30263 CVE record (CVE.org)
- CVE-2022-30263 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-06-06