GE and MACTek HART Device DTM Vulnerability (Update A)
Low Risk | ICS-CERT ICSA-15-036-01A | Nov 8, 2015
Summary
A stack buffer overflow vulnerability exists in HART device DTM software from GE and MACTek. The vulnerability is located in Device Type Manager applications used to configure and communicate with HART field instruments including positioners, transmitters, and related devices. Affected products include MACTek Bullet DTM version 1.00.0, GE Vector DTM version 1.00.0, GE SVi1000 Positioner DTM version 1.00.0, GE SVI II AP Positioner DTM version 2.00.1, and GE 12400 Level Transmitter DTM version 1.00.0. No vendor patches are available.
What this means
What could happen
A stack buffer overflow in HART device DTM (Device Type Manager) software could allow an attacker to execute arbitrary code on engineering workstations or configuration tools that interact with these devices, potentially enabling unauthorized changes to device settings or control logic.
Who's at risk
Water utilities and power plants that use GE or MACTek HART-enabled field instruments such as pressure transmitters, level transmitters, temperature sensors, and positioners rely on DTM software to configure and maintain these devices. Engineering and maintenance staff who interact with these tools are directly affected. Facilities using HART device configuration tools for commissioning, troubleshooting, or maintenance activities are at risk.
How it could be exploited
An attacker would need to craft a malicious HART message or device configuration that triggers a stack buffer overflow in the DTM software running on an engineering workstation. This could occur when the workstation communicates with affected GE or MACTek HART devices during configuration, commissioning, or maintenance activities. Successful exploitation would allow code execution in the context of the engineering tool.
Prerequisites
- DTM software installed on engineering workstation or configuration PC
- Network or serial connectivity to affected HART device
- User opens or interacts with malicious device configuration data or communicates with compromised device
- Buffer overflow vulnerability (stack-based)
- No patch available - products not being updated
- Affects engineering workstations used in OT environments
- Low EPSS score (0.8%) suggests limited exploitation likelihood
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (5)
5 pending
Product | Affected Versions | Fix Status
MACTek’s Bullet DTM | 1.00.0 | No fix yet
GE’s Vector DTM | 1.00.0 | No fix yet
GE’s SVi1000 Positioner DTM | 1.00.0 | No fix yet
GE’s SVI II AP Positioner DTM | 2.00.1 | No fix yet
GE’s 12400 Level Transmitter DTM | 1.00.0 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Review and validate all HART device configurations before deployment; use only configurations from trusted sources
Long-term hardening
HARDENING: Isolate engineering workstations running HART DTM tools from untrusted networks; restrict access to these systems and devices to authorized personnel only
HARDENING: Implement network segmentation between engineering workstations and production HART devices to limit lateral movement if a workstation is compromised
HARDENING: Monitor engineering workstations for unexpected process behavior or unauthorized device configuration changes
CVEs (1)