OTPulse

ABB HART Device DTM Vulnerability

Low Risk · ICS-CERT ICSA-15-069-02 · Dec 11, 2015
Summary

ABB HART Device Type Manager (DTM) libraries contain a buffer overflow vulnerability (CWE-120) in third-party HART device type files used across ABB's control system platforms. The vulnerability affects: ABB 800xA Device Management HART (all versions); Freelance 800F (all versions); Freelance Third-Party HART DTM Library (versions ≤1.4.178.214); Symphony Plus with Composer Melody (all versions); S+ Engineering for Melody (all versions); Composer Field (all versions); S Plus Melody Third-Party HART DTM Library (versions ≤1.4.175.185); and ABB Third-Party Device Type Library (versions ≤1.17). The buffer overflow could be triggered by processing malformed HART device files, potentially allowing arbitrary code execution in the context of the engineering application.

What this means
What could happen
A buffer overflow in HART device type manager (DTM) libraries could allow an attacker to execute arbitrary code on engineering workstations or servers managing ABB control systems. This could lead to unauthorized changes to device configurations, process parameters, or outright disruption of the control system.
Who's at risk
Organizations using ABB 800xA, Freelance, or Symphony Plus control system platforms for process automation, water treatment, power generation, or other critical infrastructure. Engineering workstations and servers running these systems with HART device management capabilities are at risk, particularly in environments where HART-enabled field devices are configured or commissioned.
How it could be exploited
An attacker would need to craft a malicious HART device file or network message targeting the DTM library on an engineering workstation or server. If the DTM library processes this input without proper bounds checking, the buffer overflow could overwrite memory and allow code execution with the privileges of the engineering software.
Prerequisites
  • Access to a workstation or server running ABB 800xA, Freelance, Symphony Plus, or Composer software with HART DTM libraries
  • Ability to provide or trigger processing of a malformed HART device file or message to the DTM library
  • Engineering or administrative user context on the affected system

  • Buffer overflow vulnerability (CWE-120)
  • Affects engineering workstations and control system servers
  • No patch available from vendor
  • Potential for code execution with engineering privileges
  • Low exploit probability (0.1% EPSS) but high impact if exploited
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (8)
4 pending, 4 EOL

Product | Affected Versions | Fix Status
800xA Device Management HART: vers:all/* | All versions | No fix yet
Freelance ABB Third-Party HART DTM Library: <=1.4.178.214 | ≤ 1.4.178.214 | No fix yet
S Plus Melody ABB Third-Party HART DTM Library: <=1.4.175.185 | ≤ 1.4.175.185 | No fix yet
S+ Engineering for Melody: vers:all/* | All versions | No fix yet
ABB Third-Party Device Type Library: <=1.17 | ≤ 1.17 | No fix (EOL)
Freelance 800F: vers:all/* | All versions | No fix (EOL)
Symphony Plus with Composer Melody: vers:all/* | All versions | No fix (EOL)
Composer Field: vers:all/* | All versions | No fix (EOL)

Remediation & Mitigation
Do now
  • WORKAROUND: Disable HART DTM functionality if not required for operations
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ABB Third-Party Device Type Library: <=1.17, Freelance 800F: vers:all/*, Symphony Plus with Composer Melody: vers:all/*, Composer Field: vers:all/*. Apply the following compensating controls:
  • HARDENING: Restrict network access to engineering workstations running ABB control software; limit which systems can access HART device management interfaces
  • HARDENING: Implement input validation and file integrity checks before loading HART device type files into the DTM library
  • HARDENING: Monitor ABB and vendor communications for future security patches or updates
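
One way to carry out the file integrity check named in the mitigations, as an added example (not ABB's or OTPulse's code): hash a known-good device type library directory, seal that baseline with an HMAC, and report modified, unexpected, or missing files before anything is loaded. The directory layout, file names, and key handling are assumptions, and the sample files are constructed.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal(manifest: dict, key: bytes) -> str:
    """HMAC tag over the baseline so an edited manifest is rejected."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_tree(root: Path, manifest: dict, tag: str, key: bytes) -> dict:
    """Compare the library directory with the sealed baseline."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("baseline manifest failed authentication")
    now = snapshot(root)
    return {
        "modified": sorted(n for n in now if n in manifest and now[n] != manifest[n]),
        "unexpected": sorted(n for n in now if n not in manifest),
        "missing": sorted(n for n in manifest if n not in now),
    }

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: the real key is kept off the workstation
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp)  # constructed stand-in for a device type library directory
        (lib / "vendor_a.bin").write_bytes(b"known-good description")
        (lib / "vendor_b.bin").write_bytes(b"known-good description 2")
        baseline = snapshot(lib)          # taken on a trusted install
        tag = seal(baseline, key)
        (lib / "vendor_a.bin").write_bytes(b"altered after baseline")
        (lib / "dropped.bin").write_bytes(b"not in baseline")
        (lib / "vendor_b.bin").unlink()
        print(verify_tree(lib, baseline, tag, key))
```

Any non-empty list in the result is a reason to stop and investigate before the engineering tool opens the library.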