Schneider Electric IMT25 DTM Vulnerability
Low Risk · ICS-CERT ICSA-15-223-01 · May 14, 2015
Summary
Schneider Electric IMT25 Magnetic Flow DTM (Device Type Manager) module contains a buffer overflow vulnerability (CWE-119) in versions 1.500.000 and earlier. The vulnerability allows remote code execution when a specially crafted message is sent to the affected device.
What this means
What could happen
An attacker who reaches your IMT25 flow meter could execute arbitrary code on the device, potentially disrupting flow measurement data or causing erratic readings that could lead to incorrect process control decisions in your water or energy distribution system.
Who's at risk
Energy and water utilities operating Schneider Electric IMT25 Magnetic Flow DTM modules for flow measurement in critical infrastructure. This affects any plant where magnetic flow meters are used to monitor water, steam, or liquid hydrocarbon flows in pipelines or process lines.
How it could be exploited
An attacker on the network could send a malformed packet or message to the IMT25 device on the port where it listens for device communications. A buffer overflow in message processing could allow them to inject and run arbitrary commands on the device, affecting its measurement or control functions.
Prerequisites
- Network access to the IMT25 device communication port
- Device running vulnerable firmware version 1.500.000 or earlier
- No authentication required to send malicious messages
Tags: remotely exploitable · no authentication required · buffer overflow vulnerability · no patch available · end-of-life product
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: IMT25 Magnetic Flow DTM
Affected versions: ≤ 1.500.000
Fix status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate IMT25 devices behind a firewall or network access control list (ACL) to restrict communication to only authorized engineering workstations and control systems
HARDENING: Implement network segmentation to place IMT25 meters on a dedicated Ethernet segment separate from general IT networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor network traffic to and from IMT25 devices for abnormal message patterns or unexpected connections
Long-term hardening
HOTFIX: If possible, upgrade to a newer Schneider Electric flow measurement device that receives vendor security support
CVEs (1)