ICS-CERT publishes an update to an N-Tron advisory published earlier this year and two new advisories for products from EasyIO and Endress+Hauser.
This update reports that Red Lion has produced a firmware update that mitigates the vulnerability and that the researcher who initially reported the vulnerability, Neil Smith, has verified the efficacy of the fix. It also reports that the firmware update allows the end user to upload unique keys/certificates to the unit, which required a rewrite of the user manual. The new manual is available here.
NOTE: This update is not on the main ICS-CERT web page, so unless you follow @ICSCERT on Twitter (or, of course, read this blog), you would not know about this update.
This advisory describes a hard-coded credential vulnerability in the EasyIO-30P-SF controller. The vulnerability was reported by Maxim Rupp. EasyIO has produced a patch that mitigates the vulnerability and Rupp has verified the efficacy of the fix. This advisory was originally released on the US-CERT Secure Portal on August 25th and is probably one of the advisories on that Portal that I reported on earlier this month.
ICS-CERT notes that this controller is “used in a number of DDC systems worldwide”. With this in mind, a supplement has been issued to this advisory that lists a number of the OEM partners (and their devices) that are affected by this vulnerability. It also lists separate actions taken by those partners to mitigate this vulnerability.
ICS-CERT reports that a relatively low-skilled attacker could remotely exploit this vulnerability to gain complete access to the controller.
This advisory describes an XML code injection vulnerability in Endress+Hauser FieldCare used in conjunction with CodeWright HART Comm DTM. The vulnerability was reported by Alexander Bolshev of Digital Security. Endress+Hauser and CodeWright have each produced updates that work together to mitigate this vulnerability. Bolshev has verified the efficacy of the fix.
ICS-CERT reports that a relatively low-skilled attacker on an adjacent network that receives HART DTM packets could exploit this vulnerability.
Question: How many other device manufacturers have a similar problem that would interact with the CodeWright HART Comm DTM to produce the same vulnerability? I am afraid that there is nothing in this advisory that would allow anyone to answer that question with any accuracy.