Honeywell Midas Gas Detector Vulnerabilities

Plan PatchCVSS 9.4ICS-CERT ICSA-15-309-02Aug 8, 2015

HoneywellOil & gas

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Honeywell Midas gas detectors (version 1.13b1 and earlier, Midas Black version 2.13b1 and earlier) contain path traversal and cleartext transmission vulnerabilities. An attacker with network access can read sensitive files and configuration data from the detector without authentication (CWE-22) and intercept or modify unencrypted communications (CWE-319). These vulnerabilities allow an attacker to disable gas detection functionality, modify alarm thresholds, or prevent the detector from alerting operators to hazardous gas conditions. Honeywell has not released patches for these products and does not plan to fix these vulnerabilities.

What this means

What could happen

An attacker with network access to a Midas gas detector could read sensitive configuration data, modify detector settings to disable alarms, or cause the detector to stop functioning, potentially leaving hazardous gas leaks undetected in oil and gas facilities.

Who's at risk

Oil and gas facilities using Honeywell Midas gas detectors for personnel safety and process monitoring. This includes refineries, production platforms, processing plants, and any facility relying on Midas detectors to alert operators to hazardous gas concentrations (hydrogen sulfide, methane, combustible gases).

How it could be exploited

An attacker sends unencrypted requests over the network to the Midas detector's communication port without requiring authentication. The attacker can read files and configuration data stored on the device (CWE-22: path traversal) and intercept or modify unencrypted communications (CWE-319: cleartext transmission). By altering detector settings, the attacker could disable gas detection or modify alarm thresholds.

Prerequisites

Network access to the Midas detector on its communication port
No credentials required
Detector must be reachable from the attacker's network segment

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

Midas gas detector: <=1.13b1≤ 1.13b1No fix (EOL)

Midas Black: <=2.13b1≤ 2.13b1No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGImplement network segmentation to isolate Midas detectors from untrusted networks and external access

WORKAROUNDDeploy firewall rules to restrict network access to Midas detectors—allow only authorized engineering workstations and monitoring systems to communicate with the detectors

HARDENINGDisable remote access to Midas detectors if not required for operations; use local engineering tools only when necessary

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to and from Midas detectors for unauthorized access attempts

CVEs (2)

CVE-2015-7907 CVE-2015-7908

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/970578c8-d41d-4f3c-b57e-3e81df3e65e1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.