OTPulse
FeedAboutContact

CodeWrights GmbH HART Device DTM Vulnerability (Update C)

Low RiskICS-CERT ICSA-15-012-01COct 15, 2015
Summary

CodeWrights DTMStudio contains an input validation vulnerability in HART protocol packet handling (CWE-20). Malformed HART protocol messages sent to DTMStudio could cause the application to crash or behave unpredictably, disrupting communication with connected field instruments. The vulnerability affects DTMStudio versions prior to 1.5.151. No patch is currently available from the vendor.

What this means
What could happen
An attacker could send malformed HART protocol messages to the DTM, potentially causing the application to crash or behave unpredictably, disrupting communication with field instruments.
Who's at risk
This affects water and wastewater utilities, refineries, chemical plants, and other process industries that use CodeWrights DTMStudio software to configure and communicate with HART-enabled field instruments such as pressure transmitters, temperature sensors, and control valves.
How it could be exploited
An attacker with network access to the DTMStudio application could send specially crafted HART protocol packets that fail input validation, causing the application to crash or malfunction and disrupting instrument configuration and monitoring.
Prerequisites
  • Network access to DTMStudio application port
  • Ability to send HART protocol packets to the device
no patch availableaffects instrument communication software
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
DTMStudio: <1.5.151<1.5.151No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict network access to DTMStudio using firewall rules to limit connections from known engineering workstations and devices
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor DTMStudio application logs for unexpected crashes or malformed HART packet receipts
Mitigations - no patch available
0/1
DTMStudio: <1.5.151 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to restrict access to DTMStudio to authorized engineering and maintenance staff only
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/7480b339-d534-474b-a421-aaefdef40eb1