This afternoon the DHS ICS-CERT published another HART
DTM advisory, this time for systems from Honeywell. This new advisory lists
the affected Honeywell systems and reports that Honeywell has validated the
CodeWrights fix in their equipment. Honeywell has made a patch available.
I guess that ICS-CERT has decided against listing
all of the vulnerable systems in the CodeWrights advisory as they had originally
reported. I can see pros and cons for either method of reporting.
I won’t describe these vulnerabilities in detail
when I report them; no sense in just repeating the same words each time.
Instead, I’ll just refer back to the original
Emerson advisory since that is the only one so far to specifically mention
physical security of the communications loop.
Posts
No comments:
Post a Comment