GE, MACTek Integrate HART DTM Fix

Friday, February 6, 2015 @ 05:02 PM gHale

GE addressed the HART Device Type Manager (DTM) improper input vulnerability with a new library. GE tested the new library to validate that it resolves the vulnerability, according to a report on ICS-CERT.

The vulnerability, discovered by independent researcher Alexander Bolshev, affected the GE and the MACTek’s HART Device DTM. Both companies started to integrate the new library.

Pepperl+Fuchs Integrating Hart DTM Fix
HART DTM Vulnerability a Small Risk
Update to NTP Vulnerabilities
Ruggedcom Vulnerabilities Fixed

The following products use the vulnerable HART DTM library and are affected:
• MACTek’s Bullet DTM 1.00.0
• GE’s Vector DTM 1.00.0
• GE’s SVi1000 Positioner DTM 1.00.0
• GE’s SVI II AP Positioner DTM 2.00.1
• GE’s 12400 Level Transmitter DTM 1.00.0

The vulnerability causes a buffer overflow in the HART Device DTM crashing the Field Device Tool (FDT) Frame Application. The Frame Application must then restart. The Frame Application’s primarily use is for remote configuration. Exploitation of this vulnerability does not result in loss of information, control, or view by the control system of the HART devices on the 4-20 mA HART Loop.

GE is a U.S.-based company that maintains offices in several countries around the world. MACTek is a U.S.-based company headquartered in Ohio.

The affected product is the DTM library used by GE and MACTek HART-based field devices in the FDT/DTM Frame Application. According to MACTek and GE, these products see action across multiple critical infrastructure sectors. MACTek and GE estimate that these products see use globally.

Successful injection of specially crafted packets to the Device DTM causes a buffer overflow condition in the Frame Application. The FDT Frame Application becomes unresponsive, and the Device DTM stops functioning.

CVE-2014-9203 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 1.8.

This exploit on the FDT/DTM Frame Application is possible from any adjacent network that receives or passes packets from the HART Device DTM.

No known public exploits specifically target this vulnerability. This is a complex vulnerability. Crafting a working exploit for this vulnerability would be difficult. Compromised access that allows access to the packets transmitted to Frame Application is mandatory for exploitation. This exploit also requires a specific timing to crash the Frame Application. This increases the difficulty of a successful exploit.

GE released an advisory and update addressing the GE HART Device DTMs.

Click here for the advisory.

The update can download here.

Click here for the MACTek update.

The updated DTM versions are as follows:
• Bullet DTM 1.00.1
• Vector DTM 1.00.1
• SVi1000 DTM 1.00.1
• SVI II AP Positioner DTM 2.10.1
• 12400 DTM 1.00.1

Leave a Reply

You must be logged in to post a comment.