OTPulse

Host Engineering Communications Module

Monitor · 6.5 · ICS-CERT ICSA-22-263-04 · Sep 20, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The H0-ECOM100 Communications Module contains a buffer overflow vulnerability (CWE-121) that can be triggered by a malformed network packet. Successful exploitation crashes the module, resulting in a denial-of-service condition that disrupts communication between the PLC and connected HMIs or remote devices. Affected firmware versions: v5.0.155 and prior.

What this means
What could happen
An attacker with access to the network could send a specially crafted message to the H0-ECOM100 communications module, causing it to crash and stop relaying data between the PLC and HMI or other control devices, disrupting process monitoring and command delivery.
Who's at risk
Water utilities, electric utilities, and other water/wastewater treatment plants that use Host Engineering PLCs with H0-ECOM100 communications modules for Ethernet-based control system connectivity. This affects any facility where the ECOM100 bridges the PLC to HMIs, remote monitoring systems, or other networked devices.
How it could be exploited
An attacker on the network segment where the H0-ECOM100 is installed sends a malformed packet designed to trigger a buffer overflow. The module crashes, severing communication between the PLC and connected HMIs or remote devices until the module is manually restarted.
Prerequisites
  • Network access to the H0-ECOM100 Ethernet port
  • No credentials or authentication required
  • Device must be connected to network and operating
remotely exploitable · no authentication required · low complexity · denial of service impact · affects communications infrastructure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: H0-ECOM100 Communications Module: Firmware v5.0.155 and prior
Affected Versions: ≤ 5.0.155
Fix Status: 5.0.156 or later
Remediation & Mitigation
Do now
  • HARDENING: Isolate control system networks with firewalls and prevent Internet-facing access to the H0-ECOM100
  • WORKAROUND: Disable or disconnect the H0-ECOM100 from the network if it cannot be updated and is not actively needed for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update H0-ECOM100 firmware to version 5.0.156 or later using the NetEdit3 utility
Host Engineering Communications Module | CVSS 6.5 - OTPulse