EUVD-2015-6404

Malware in sbrugna...

ABB HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library used in ABB’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which ABB have begun to integrate. AFFECTE...

Yokogawa HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...

Pepperl+Fuchs Hart Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in PEPPERL+FUCHS HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Pepperl+Fuchs has begun ...

Honeywell HART DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library used in Honeywell’s HART DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Honeywell validated and released for...

Magnetrol HART DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library extension utilized by some Magnetrol products. CodeWrights GmbH has updated its software library to mitigate this vulnerability...

CodeWrights GmbH HART DTM Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...

CodeWrights GmbH HART DTM Vulnerability

OVERVIEW Independent researcher Alexander Bolshev has identified an improper input validation vulnerability in CodeWrights GmbH HART Device Type Manager DTM libraries. CodeWrights GmbH produces DTM libraries for vendors of HART DTM products. CodeWrights GmbH has updated the libraries that mitigat...

CodeWrights GmbH HART DTM Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-012-01 CodeWrights GmbH HART DTM Vulnerability that was published January 12, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Alexander Bolshev has identified an improper input validation...

CodeWrights GmbH HART Device DTM Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01B CodeWrights GmbH HART DTM Vulnerability that was published January 27, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...

Emerson HART DTM Vulnerability

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-008-01 Emerson HART DTM Vulnerability that was published January 8, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights...

CVE-2015-6463

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via a longtag XML schema containing an external entity declaration in...

Xxe

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via a longtag XML schema containing an external entity declaration in...

CVE-2015-6463

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via a longtag XML schema containing an external entity declaration in...

CVE-2015-6463

CVE-2015-6463 concerns CodeWrights HART Comm DTM components used with Endress+Hauser FieldCare. The vulnerability arises from processing a longtag XML schema containing an external entity declaration and an entity reference (XXE), enabling a remote attacker to read arbitrary files, issue HTTP req...

Endress+Hauser Fieldcare/CodeWrights HART Comm DTM XML Injection Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified a vulnerability within Endress+Hauser HART DTM software libraries. The vulnerability is in handling of the HART longtag response field in Endress+Hauser’s Fieldcare and CodeWrights HART Comm DTM. Endress+Hauser Process Solutions AG and...

Endress+Hauser HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library used in Endress+Hauser HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which...

CodeWrights 'HART DTM' Library Local Denial of Service Vulnerability

HART Device Type Manager is a device type manager. A local denial of service vulnerability exists in CodeWrights 'HART DTM' Library, which can be exploited by local attackers to launch denial of service attacks...

CVE-2014-9191

The CodeWrights HART Device Type Manager DTM library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service DTM outage and FDT Frame application hang by transmitting crafted response packets on the 4-20 mA current loop...

Design/Logic Flaw

The CodeWrights HART Device Type Manager DTM library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service DTM outage and FDT Frame application hang by transmitting crafted response packets on the 4-20 mA current loop...