WirelessHART Flaws Found: Researchers

Wednesday, February 3, 2016 @ 03:02 PM gHale

There are vulnerabilities in products leveraging WirelessHART technology, researchers said.

WirelessHART is a wireless sensor networking technology based on the Highway Addressable Remote Transducer Protocol (HART). The technology is for field devices, which control valves and breakers, collect data from sensors, and monitor industrial environments. The installed base for HART devices is huge throughout the manufacturing automation industry.

GE Fixes SNMP/Web Interface Holes
Sauter Fixes moduWeb Vision Holes
Westermo Updates Switch Vulnerability
Rockwell Fixes PLC Buffer Overflow

Since the security holes it identified have not gone through the patch process, Applied Risk, a company that specializes in securing industrial control systems (ICS), hasn’t disclosed any details.

“Our research team was concerned to find a number of vulnerabilities in various WirelessHART components used across the globe. The majority of plants are unaware of the risks as security assessments at this level have often been overlooked,” said Jalal Bouhdada, founder and principal security consultant for Applied Risk in a published report in The Register.

“The risks this flaw pose reach far beyond financial loss.The loss of production is a significant issue for manufacturers, as are fines from customers if products aren’t delivered on time. The most serious risk, however, is the loss of life in the case of explosions, especially in hazardous environments,” Bouhdada said.

Some of the vendors whose products ended up affected are aware of the issue and are currently working on addressing the problem.

The vulnerable devices are in facilities across the world in various industries, and a majority of the plants using them are unaware of the risks and an attack would likely go undetected due to the lack of active monitoring systems at this level.

Applied Risk developed its own device designed to help manufacturers identify security flaws in the early stages of development.