This afternoon the DHS ICS-CERT published another HART DTM advisory, this time for systems from Honeywell. This new advisory lists the affected Honeywell systems and reports that Honeywell has validated the CodeWrights fix in their equipment. Honeywell has made a patch available.
I guess that ICS-CERT has decided against listing all of the vulnerable systems in the CodeWrights advisory as they had originally reported. I can see pros and cons for either method of reporting.
I won’t describe these vulnerabilities in detail when I report them; no sense in just repeating the same words each time. Instead, I’ll just refer back to the original Emerson advisory since that is the only one so far to specifically mention physical security of the communications loop.