Today the DHS ICS-CERT published a new advisory for the vulnerability they reported in the Emerson HART DTM last week. The difference is that instead of just limiting the advisory to Emerson HART DTM they are extending it to all versions of the DTM that use the same DTM libraries produced by CodeWrights. Specifically they include HART systems from:
● ABB,
● Berthold Technologies,
● Emerson,
● Endress+Hauser,
● Magnetrol, and
● Pepperl+Fuchs.
As with the revised advisory published on Friday, ICS-CERT claims that there are no publicly available exploits of these vulnerabilities. CodeWrights has developed a new version of the library and Emerson has tested the library to validate its efficacy. Apparently no one has asked the original researcher, Alexander Bolshev, to validate the new library's efficacy.
At this point it seems that only Emerson has fixed the vulnerability in their use of the libraries. ICS-CERT states that it will update this advisory when additional reports of fixes have been provided. They also note that CodeWrights is only providing the updated libraries to ‘customers with current support agreements’. This would seem to suggest that other vendors with HART applications may be using the same affected libraries.