Pepperl+Fuchs Integrating HART DTM Fix

Friday, February 6, 2015 @ 05:02 PM gHale

Pepperl+Fuchs is integrating a new library after a vulnerability was discovered in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Pepperl+Fuchs’ HART Device DTM, according to a report on ICS-CERT.

The following products were developed with the vulnerable version of CodeWrights GmbH DTMStudio and suffer from the issue, which was discovered by independent researcher Alexander Bolshev.

DTM collection Level Control DTM 1.0.28 and prior for the following products:
• Barcon PPC-M / LHC-M
• LHC-M51 / PPC-M51
• LHCR-51 / LHCS-51
• Pulscon LTC
• Pulscon LTC V4.XX

DTM Collection CorrTran DTM Version and prior for the following:
• CorrTran MV CMCM
• CorrTran AQUA CMCA

The vulnerability causes a buffer overflow in the HART Device DTM, crashing the Field Device Tool (FDT) Frame Application. The Frame Application must then restart. The Frame Application primarily sees use for remote configuration. Exploitation of this vulnerability does not result in loss of information, control, or view by the control system of the HART devices on the 4-20 mA HART Loop.

Pepperl+Fuchs is an international company with headquarters in Mannheim, Germany. The company maintains offices worldwide. Pepperl+Fuchs manufactures products for fabrication and process automation including sensor manufacturing.

The affected products are HART-based field devices. According to Pepperl+Fuchs, these products deploy across multiple critical infrastructure sectors. Pepperl+Fuchs said these products see use globally.

Successful injection of specially crafted packets to the Device DTM causes a buffer overflow condition in the Frame Application. The FDT Frame Application becomes unresponsive, and the Device DTM stops functioning.

CVE-2014-9191 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 1.8.

This exploit on the FDT/DTM Frame Application is possible from any adjacent network that receives or passes packets from the HART Device DTM.

No known public exploits specifically target this vulnerability. This is a complex vulnerability. Crafting a working exploit for this vulnerability would be difficult. Compromised access that exposes the packets transmitted to the Frame Application is mandatory for exploitation. This exploit also requires specific timing to crash the Frame Application. This increases the difficulty of a successful exploit.

Pepperl+Fuchs updated the software library for the impacted DTM Collection Level Control DTM. The updated software is Version 1.0.29.

The DTM Collection CorrTran DTM does not have a software update at this time. Pepperl+Fuchs recommends physically protecting CorrTran MV and CorrTran AQUA installations to prevent any malicious connection to the HART loop.