Hacking a $100K Gas Chromatograph without Owning One

This blog-style technical report describes Team82’s emulation-driven vulnerability research on the Emerson Rosemount 370XA gas chromatograph. Researchers extracted and emulated the device firmware to analyze its proprietary TCP/TLS protocol and discovered multiple flaws—most notably a command injection vulnerability (CVE-2023-46687) enabling unauthenticated remote code execution and an authentication bypass (CVE-2023-51761) allowing admin password reset. The report details the emulation steps, protocol structure, exploitation examples, and notes that Emerson addressed the issues and CISA published an advisory.