Honeywell Updates Uniformance Fix

Thursday, July 14, 2016 @ 02:07 PM gHale


Honeywell patched a buffer overflow vulnerability resulting in a denial-of-service condition in the Uniformance Process History Database (PHD), according to a report with ICS-CERT.

Lei ChengLin (Z-One) of Fengtai Technologies’ (Beijing) Security Research Team identified the vulnerability, which is remotely exploitable.


The vulnerability affects the following versions:
• Uniformance PHD, versions prior to R310.1.1.2
• Uniformance PHD, versions prior to R320.1.0.2
• Uniformance PHD, versions prior to R321.1.1

Successful exploitation of this vulnerability may cause processes running on the affected device to become unresponsive, resulting in a denial-of-service condition.

Honeywell is a U.S.-based company that maintains offices worldwide.

Uniformance PHD works alongside a distributed control system (DCS) to provide a process historian for engineering and business analytics. Uniformance PHD products see action across several sectors, including chemical, critical manufacturing, energy, and water and wastewater systems, and are deployed globally.

The buffer overflow was found in Network.dll, a library used by the RDISERVER, RAPIServer, apiserver, and UDBServer processes. Triggering it causes those processes to become unresponsive, and the affected device must be restarted to recover.

CVE-2016-2280 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit it.

Honeywell released a new version of the Network.dll, which mitigates the buffer overflow vulnerability. The new version of the Network.dll is available in the following Uniformance PHD versions: R310.1.1.2, R320.1.0.2, and R321.1.1.
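Because the fix is shipped per release branch rather than as a single cutoff, checking an installed system means comparing its release string against the fixed release for its own branch. The following is an added example, not Honeywell's or ICS-CERT's code, that does that comparison for the three branches named above. It assumes PHD release strings take the form "R321.1.0" (a leading R followed by dot-separated integers), that the first number identifies the branch, that each listed branch is affected only below its fixed release, and it reports branches the notification does not name as unknown rather than guessing.

```python
"""Classify a Uniformance PHD release string as affected, fixed or unknown
with respect to CVE-2016-2280.

Added example, not Honeywell's or ICS-CERT's code. Assumptions: release
strings look like "R321.1.0"; the first integer is the branch; a branch is
affected only below the fixed release listed in the advisory; branches not
listed there are reported as "unknown".
"""
import re

# Fixed releases per branch, taken from the advisory text.
FIXED_RELEASES = {
    310: (310, 1, 1, 2),   # R310.1.1.2
    320: (320, 1, 0, 2),   # R320.1.0.2
    321: (321, 1, 1),      # R321.1.1
}

_RELEASE_RE = re.compile(r"^R(\d+(?:\.\d+)*)$")


def parse_release(release: str) -> tuple:
    """Turn 'R321.1.0' into (321, 1, 0); reject anything else."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised PHD release string: {release!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(version: tuple, length: int) -> tuple:
    # Treat missing trailing components as zero so R321.1.1 == R321.1.1.0.
    return version + (0,) * (length - len(version))


def phd_status(release: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one release string."""
    version = parse_release(release)
    fixed = FIXED_RELEASES.get(version[0])
    if fixed is None:
        # Branch not covered by the advisory; do not guess either way.
        return "unknown"
    width = max(len(version), len(fixed))
    if _pad(version, width) < _pad(fixed, width):
        return "affected"
    return "fixed"


def triage(releases) -> dict:
    """Map each release string in an inventory to its status."""
    return {r: phd_status(r) for r in releases}


if __name__ == "__main__":
    # Constructed inventory for illustration; not real site data.
    inventory = ["R310.1.1.1", "R310.1.1.2", "R320.1", "R321.1.0",
                 "R321.1.1", "R321.1.1.3", "R300.1.0"]
    for rel, status in triage(inventory).items():
        print(f"{rel:12s} {status}")
```

The branch-aware comparison matters: a plain lexical or numeric ordering would call every R320 release "prior to R321.1.1" and flag a patched R320.1.0.2 system as affected. Anything reported as "unknown" should be resolved against Honeywell's notification rather than assumed safe.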

For more information about this vulnerability and how to apply the patches, please see Honeywell’s Security Notification SN 2016-01-27 under the support tab.