Magnetrol Integrates HART DTM Update

Wednesday, January 28, 2015 @ 01:01 PM gHale


Magnetrol integrated the CodeWrights GmbH software library update to mitigate an improper input validation vulnerability in the HART Device Type Manager (DTM), according to a report on ICS-CERT.

The following Magnetrol products can use the vulnerable HART DTM library extension, discovered by independent researcher Alexander Bolshev:
• Eclipse Model 705 Guided Wave Radar transmitter (Firmware Version 3.x)
• Echotel Model 355 Ultrasonic transmitter (Firmware Version 1.x)
• Model R82 Pulse Burst Radar Transmitter (Firmware Versions 1.x and 2.x)
• Thermatel Model TA2 Thermal Mass Flowmeter (Firmware Version 2.x)

The vulnerability causes the HART DTM component to crash and also causes the HART service to stop responding. No loss of information or loss of control or view by the control system results from an attacker successfully exploiting this vulnerability.

Aurora, IL-based Magnetrol maintains offices in several countries around the world, including the U.S., Belgium, Brazil, China, and the United Arab Emirates.

The affected products are field devices using HART protocol. According to Magnetrol, these products deploy across multiple critical infrastructure sectors worldwide.

Specially crafted response packets sent to the 4 mA to 20 mA current loop cause the DTM component to stop functioning and the FDT Frame application to become unresponsive.

CVE-2014-9191 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 1.8.

This exploit is possible from any adjacent network between the FDT/DTM frame application and the HART transmitter on the 4 mA to 20 mA current loop.

No known public exploits specifically target this vulnerability.

Crafting a working exploit for this vulnerability would be difficult. Compromised access at any point between the HART transmitter and Frame Application with DTM will allow a malicious user to unencapsulate, modify, re-encapsulate and send malicious packets. This exploit requires timing the spoofed response to crash the FDT/DTM components. This increases the difficulty of a successful exploit.

Magnetrol has updated the affected software library and made the update available for download.


