PatchSiren

Emerson CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Emerson CVE published 2017-02-13

CVE-2016-9347

CVE-2016-9347 is a medium-severity issue affecting Emerson DeltaV Wireless I/O Cards running firmware v13.3. The problem is that SSH is enabled unnecessarily on the SE4801T0X and SE4801T1X cards, increasing the management exposure of the device. Defenders should verify whether these cards are present, limit SSH exposure, and follow the linked vendor or ICS-CERT guidance for supported hardening steps.

MEDIUM Emerson CVE published 2017-02-13

CVE-2016-9345

CVE-2016-9345 describes a privilege-escalation issue in Emerson DeltaV Easy Security Management affecting DeltaV V12.3, V12.3.1, and V13.3. The published impact is that a local attacker may elevate privileges within the DeltaV control system. NVD scores the issue as CVSS 6.8 (Medium), with a vector that specifies adjacent access, high attack complexity, high privileges required, no user interaction, and a scope change.