Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products

ID THREATPOST:CB330635EF6327465888A85E1558D7DE
Type threatpost
Reporter Dennis Fisher
Modified 2015-08-28T17:15:44


There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by Swiss firm Endress+Hauser that can cause affected products to hang indefinitely.

The vulnerability affects dozens of products from Endress+Hauser, a company that makes products for a variety of industrial uses. The products are deployed in a wide range of critical infrastructure sectors. The bug lies in the DTM library, which is included in a huge number of the company’s products. An attacker who exploits the vulnerability could cause an application to become unresponsive.

The DTM library is produced by another firm, CodeWrights, which has released a new version of the library that fixes the vulnerability.

“Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Endress+Hauser HART Device DTM,” an advisory from ICS-CERT says.

“The vulnerability could cause a buffer overflow in the HART Device DTM, crashing the Field Device Tool (FDT) Frame Application. The Frame Application must then be restarted to restore functionality. The Frame Application is used primarily for remote configuration. Exploitation of this vulnerability does not result in loss of information, control, or view by the control system of the HART devices on the 4-20 mA HART Loop.”

In order to exploit the vulnerability, an attacker would need to send a specially crafted packet to a vulnerable device, and the ICS-CERT advisory says that developing a working exploit for the bug would be a difficult task.

“This is a complex vulnerability. Crafting a working exploit for this vulnerability would be difficult. Compromised access that allows access to the packets transmitted to Frame Application is required for exploitation. This exploit also requires a specific timing to crash the Frame Application. This increases the difficulty of a successful exploit,” the advisory says.

Endress+Hauser has released a software update for its products, which customers can download from the company’s support site.