GENIVI Alliance DLT
Act Now | 9.8 | ICS-CERT ICSA-21-147-01 | May 27, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
GENIVI Alliance DLT dlt-daemon contains a buffer overflow vulnerability (CWE-122) in packet processing that allows remote code execution or denial of service. Affected versions: dlt-daemon before 2.18.6. Successful exploitation does not require credentials or user interaction and can result in arbitrary code execution or application crash.
What this means
What could happen
An attacker with network access to dlt-daemon could execute arbitrary code on the device or crash the logging service, potentially disrupting diagnostic capabilities on industrial systems that rely on this service for monitoring and troubleshooting.
Who's at risk
This affects any industrial system, vehicle telematics platform, or embedded Linux device using the GENIVI DLT (Diagnostic Log and Trace) daemon for system logging and diagnostics. This is particularly relevant to OEMs and integrators building diagnostic or monitoring systems for vehicles, industrial controllers, and safety-critical equipment.
How it could be exploited
An attacker sends a malformed network request to the dlt-daemon service (typically listening on port 3490). The CWE-122 buffer overflow vulnerability in the packet processing logic allows the attacker to overwrite memory and inject executable code or trigger a crash without requiring any authentication or user interaction.
Prerequisites
- Network access to dlt-daemon service (default port 3490)
- dlt-daemon version below 2.18.6 installed and running
Tags: remotely exploitable, no authentication required, low complexity, buffer overflow vulnerability (CWE-122), affects diagnostic and monitoring systems
Exploitability
Moderate exploit probability (EPSS 4.6%)
Affected products (1)
Product | Affected Versions | Fix Status
dlt-daemon (diagnostic log and trace) | < 2.18.6 | 2.18.6
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to dlt-daemon by firewall rules: limit connections to this service to trusted engineering workstations and management networks only
Schedule — requires maintenance window
Patching may require device reboot, so plan for process interruption
HOTFIX: Upgrade dlt-daemon to version 2.18.6 or later if available from your vendor or system integrator
Long-term hardening
HARDENING: Segment your control system network from the business network and ensure dlt-daemon is not directly reachable from the Internet
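The two prerequisites listed above (a dlt-daemon below 2.18.6 and a listener reachable on port 3490) can be checked per host with a short script. This is an added example, not part of the ICS-CERT advisory or the DLT project's code; it assumes a Linux host where the text of `ss -ltn` is available, and the function names and the sample output are constructed for illustration.

```python
import ipaddress
import re

FIXED = (2, 18, 6)   # first fixed dlt-daemon release named in the advisory
DLT_PORT = 3490      # default dlt-daemon TCP port named in the advisory

def is_affected(version: str) -> bool:
    """True when a dlt-daemon version string is below 2.18.6."""
    nums = re.findall(r"\d+", version)[:3]
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    parts = tuple(int(n) for n in nums) + (0,) * (3 - len(nums))
    return parts < FIXED

def exposed_listeners(ss_output: str, port: int = DLT_PORT) -> list[str]:
    """Return non-loopback local addresses listening on `port`.

    Expects the text of `ss -ltn`; column 4 is "Local Address:Port".
    """
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        if host in ("*", ""):
            exposed.append(addr)               # wildcard bind: every interface
        elif not ipaddress.ip_address(host).is_loopback:
            exposed.append(addr)               # 0.0.0.0, :: or a routable address
    return exposed

# Constructed sample input, not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3490       0.0.0.0:*
LISTEN 0      128    127.0.0.1:3490     0.0.0.0:*
LISTEN 0      128    [::1]:3490         [::]:*
LISTEN 0      128    192.168.7.10:22    0.0.0.0:*
"""

if __name__ == "__main__":
    print("2.18.5 affected:", is_affected("2.18.5"))
    print("exposed on 3490:", exposed_listeners(SAMPLE_SS))
```

A host that is both affected and returns a non-empty listener list is the one to put behind the firewall rule first; a loopback-only listener still needs the upgrade but is not reachable from the network.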
CVEs (1)