Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products

Author: Dennis Fisher
minute read

There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by German firm Endress+Hauser that can cause affected products to hang indefinitely.

There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by Swiss firm Endress+Hauser that can cause affected products to hang indefinitely.

The vulnerability affects dozens of products from Endress+Hauser, a company that makes products for a variety of industrial uses. The products are deployed in a wide range of critical infrastructure sectors. The bug lies in the DTM library, which is included in a huge number of the company’s products. An attacker who exploits the vulnerability could cause an application to become unresponsive.

The DTM library is produced by another firm, CodeWrights, which has released a new version of the library that fixes the vulnerability.

“Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Endress+Hauser HART Device DTM,” an advisory from ICS-CERT says.

“The vulnerability could cause a buffer overflow in the HART Device DTM, crashing the Field Device Tool (FDT) Frame Application. The Frame Application must then be restarted to restore functionality. The Frame Application is used primarily for remote configuration. Exploitation of this vulnerability does not result in loss of information, control, or view by the control system of the HART devices on the 4-20 mA HART Loop.”

In order to exploit the vulnerability, an attacker would need to send a specially crafted packet to a vulnerable device, and the ICS-CERT advisory says that developing a working exploit for the bug would be a difficult task.

“This is a complex vulnerability. Crafting a working exploit for this vulnerability would be difficult. Compromised access that allows access to the packets transmitted to Frame Application is required for exploitation. This exploit also requires a specific timing to crash the Frame Application. This increases the difficulty of a successful exploit,” the advisory says.

Endress+Hauser has released a software update for its products, which customers can download from the company’s support site.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.