"Gas Chromatograph Hacking Could Have Serious Impact: Security Firm"

Security researchers at Claroty have recently disclosed the details of several vulnerabilities discovered in a gas chromatograph made by Emerson and warned that attacks could have a serious impact. A gas chromatograph is a chemical analysis instrument that measures the content of various components in a sample.  Such devices are used by hospitals in blood testing and by environmental facilities to measure air pollution.  The researchers found that Rosemount GC370XA, GC700XA, and GC1500XA products are affected by four vulnerabilities.  The list includes a critical command injection that allows an unauthenticated attacker with network access to remotely execute arbitrary commands with root privileges.  It also consists of a high-severity issue that allows an unauthenticated network attacker to bypass authentication and obtain admin capabilities. The remaining vulnerabilities have been classified as medium severity.  The researchers noted that one allows an unauthenticated attacker to obtain sensitive information or cause a DoS condition, and one allows an authenticated attacker to run arbitrary commands.  The researchers say that compromising such devices can have a tremendous impact on various industries.  In the food and beverage sector, attacks against a food processing company’s gas chromatographs could prevent the accurate detection of bacteria and bring a process chain to a halt.  Similar attacks against a hospital’s chromatographs would disrupt testing of blood and other patient samples.  The vendor has announced the availability of firmware updates that should patch the vulnerabilities.  

SecurityWeek reports: "Gas Chromatograph Hacking Could Have Serious Impact: Security Firm"