Critical Infrastructure Security, Patch/Configuration Management, Vulnerability Management

GE, MACTek update products using vulnerable HART DTM library

This week, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security advisory about a vulnerability in the HART Device Type Manager (DTM) library, which is used in GE and MACTek products.

Both GE and MACTek have released an update for the issue which impacts four GE products – the Vector DTM 1.00.0, SVi1000 Positioner DTM 1.00.0, SVI II AP Positioner DTM 2.00.1 and 12400 Level Transmitter DTM 1.00.0. MACTek's Bullet DTM 1.00.0 is also affected, the advisory said.

ICS-CERT noted that the aforementioned products are “deployed across multiple critical infrastructure sectors,” and that “successful injection of specially crafted packets to the Device DTM causes a buffer overflow condition in the Frame Application."

Successful exploitation can ultimately lead to the FDT Frame Application becoming unresponsive, and cause the Device DTM to stop functioning, the advisory explained.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.