OTPulse
FeedAboutContact

CodeWrights GmbH HART DTM Vulnerability (Update B)

Low RiskICS-CERT ICSA-15-012-01BOct 15, 2015
Summary

CodeWrights GmbH DTMStudio contains an improper input validation flaw (CWE-20) in versions prior to 1.5.151. The application fails to properly validate user-supplied input, which could allow an attacker to send malformed data that bypasses validation checks. This could result in unauthorized modification of HART device parameters and configurations through the DTMStudio interface.

What this means
What could happen
An attacker with network access to DTMStudio could send malformed input that bypasses validation checks, potentially allowing unauthorized changes to HART device configurations or parameters in your automation environment.
Who's at risk
Engineers and technicians who use DTMStudio to configure and maintain HART-enabled field instruments (transmitters, valve positioners, pressure sensors) in water treatment, wastewater, power generation, and oil & gas operations should be aware of this vulnerability affecting versions before 1.5.151.
How it could be exploited
An attacker on the same network segment as DTMStudio sends crafted, improperly formatted data to the application. DTMStudio fails to validate the input due to the CWE-20 flaw, allowing the malicious data to be processed and potentially applied to connected HART devices.
Prerequisites
  • Network access to DTMStudio application
  • DTMStudio version below 1.5.151
No patch availableInput validation flaw
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
DTMStudio: <1.5.151<1.5.151No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDImplement firewall rules to restrict network access to DTMStudio to authorized engineering workstations only
Mitigations - no patch available
0/2
DTMStudio: <1.5.151 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIsolate DTMStudio workstations on a separate engineering network segment with restricted access controls
HARDENINGMonitor DTMStudio activity logs for suspicious configuration changes to HART devices
View full CISA ICS-CERT advisory
โ†‘โ†“ Navigate ยท Esc Close
API: /api/v1/advisories/195d1f97-14d8-458a-94ce-5ce977ca3b34
CodeWrights GmbH HART DTM Vulnerability (Update B) - OTPulse