EUVD-2014-9016

Malware in sbrugna...

Yokogawa HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...

Pepperl+Fuchs Hart Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in PEPPERL+FUCHS HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Pepperl+Fuchs has begun ...

GE and MACTek HART Device DTM Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper...

CodeWrights GmbH HART Device DTM Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01B CodeWrights GmbH HART DTM Vulnerability that was published January 27, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...

GE Fixes Buffer Overflow in DTM Library

GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM...

Buffer overflow

Buffer overflow in the Field Device Tool FDT Frame application in the HART Device Type Manager DTM library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote...

CVE-2014-9203

Buffer overflow in the Field Device Tool FDT Frame application in the HART Device Type Manager DTM library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote...

CVE-2014-9203

The CVE-2014-9203 issue is a buffer overflow in the HART DTM library used by GE and MACTek’s Field Device Tool (FDT) Frame Application, affecting Bullet DTM 1.00.0, Vector DTM 1.00.0, SVi1000 Positioner DTM 1.00.0, SVI II AP Positioner DTM 2.00.1, and 12400 Level Transmitter DTM 1.00.0. The vulne...

CodeWrights 'HART DTM' Library Local Denial of Service Vulnerability

HART Device Type Manager is a device type manager. A local denial of service vulnerability exists in CodeWrights 'HART DTM' Library, which can be exploited by local attackers to launch denial of service attacks...

CVE-2014-9191

CVE-2014-9191 is an improper input validation vulnerability in CodeWrights HART DTM libraries used by multiple vendors (ABB, Emerson, Honeywell, Magnetrol, Pepperl+Fuchs, etc.). A specially crafted response on the 4–20 mA loop can trigger a buffer overflow, causing the HART DTM component to crash...

ICS-CERT Advisory Warns of Schneider, Emerson Vulnerabilities

Industrial HMI software from Schneider Electric has been updated to patch a buffer overflow vulnerability that could be exploited by a remote attacker. The buffer overflow vulnerability was found in the Wonderware InTouch Access Anywhere Server v10.6 and v11. The server is human machine interface...