SECURITY BULLETIN - HART Vulnerability in ABB Third Party Device Type Library

Similar documents
Cyber Security Advisory

Cyber Security Advisory

Device Management Basic HART DTM 6.0 Installation

S900 I/O DTM 6.x. System Version 6.0. Power and productivity for a better world TM

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

System 800xA 800xA for Freelance VB Graphics Extension Installation

System 800xA Engineering

Engineering Manual Security Lock

System 800xA 800xA for Freelance Product Guide

System 800xA. Engineering and Production Environments. Power and productivity for a better world TM. System Version 5.1

Windows Security Updates for August (MS MS06-051)

System 800xA Public Address System User Manual

PPLib800xA Sentinel Product Guide

Ruckus Wireless Security Advisory ID FAQ

Security Advisory Relating to OpenSSL Vulnerability Heartbleed on Various Polycom Products

May 2014 Product Shipping Configuration Change Notice

Tech Announcement 2018_1

Security Advisory Relating to Worldwide Botnet Dialing H.323-Capable Systems

Inform IT. Enterprise Historian TM and Profile Historian. Release Notes. Version 3.2/1 Patch 4 for History Services

Security Bulletin Relating to Worldwide Botnet Dialing H.323-Capable Systems

SCADAvantage Version Product update

ABB ABB Oy, Distribution Automation

800xA History 800xA History Rollup 2 Version RU2 Release Notes

Functional Description DOC01 - Digital Operator Control Version 5.2-0

S800 I/O DTM 6.0. System Version 6.0. Power and productivity for a better world

Release Information. Revision History. Version: build 018 Release Date: 23 rd November 2011

Device Management HART DTM Builder 6.0

VideONet Connect for 800xA User Manual

Oil and Gas SCADAvantage TM Product Update version ABB

Device Management PROFIBUS DTM Builder 6.0

Product Release Information

System 800xA Maintenance

November 2014 Product Shipping Configuration Change Notice

Security testing ain t no functional testing

Oil and Gas SCADAvantage TM Product Update version 5.6.2

October 2015 Product Shipping Configuration Change Notice

DFS Configuration and Best Practices Nasuni Corporation Boston, MA

Polycom Updater Release Notes Applies to SoundStation IP 6000 and IP 7000

Functional Description Total01 - Totalizer Version 5.2-0

Polycom Updater Release Notes

Site Impact Policies for Website Use

Workshop 4 Installation INSTALL GUIDE. Document Date: February 4 th, Document Revision: 1.1

Stonesoft Firewall/VPN Express. Release Notes for Version 5.5.4

Product Support Notice

Microcat Authorisation Server (MAS ) User Guide

SecureAssist Eclipse Plugin User Guide December 2015

Avast Customer & Technical Support Policy

ESS Utility Android App User Guide

Functional Description Totalizer01 - Totalizer with Shift Version 5.2-0

Customer Support: For more information or support, please visit or at Product Release Information...

System 800xA Multisystem Integration

System 800xA Engineering Engineering Studio Function Designer Getting Started

TERMS & CONDITIONS. Complied with GDPR rules and regulation CONDITIONS OF USE PROPRIETARY RIGHTS AND ACCEPTABLE USE OF CONTENT

Stonesoft User Agent. Release Notes for Version 1.1.3

AhnLab Software License Agreement

ABB Robotics. Application manual Mechanical Unit Manager

SecureAssist IntelliJ Plug-in User Guide June 2016

ENTERPRISE ENDPOINT COMPARATIVE REPORT

DDR. User s Guide ND040012E. We reserve all rights in this document and in the information contained therein. Copyright 2014 Newcon Data AB

System 800xA Spanish Language Package Release Notes System Version 6.0

SmartList Builder for Microsoft Dynamics GP 10.0

Copyright NeoAccel Inc. SSL VPN-Plus TM. NeoAccel Management Console: Firewall version 2.3

AN S1401 Using BlueMod+S as Beacon

Application Note ABB PM583 PLC with Control Builder Plus

ivms-5200 Mobile Surveillance V1.1.0 Port List

July 2017 Product Shipping Configuration Change Notice

Address Postscript and DLM Vulnerabilities v1.1 03/07/12

Polycom RealPresence Media Manager

TERMS OF USE of the WEBSITE

RE866 Interface User Guide

TRADEMARKS AND COPYRIGHT. Trademarks. Copyright. Disclaimer

Five Key Considerations When Implementing Secure Remote Access to Your IIoT Machines. Blanch Huang Product Manager

Intel Analysis of Speculative Execution Side Channels

GS2K External Flash based Host Firmware Update Application Note NT11608A Rev

Client Side Content Screening Framework Architecture

USB Personal Video Recorder. USB Hybrid TV Tuner. (USB2.0 / 1.1 PNP TV Capture Box) UAD-880 User s Guide

Tisio CE Release Notes

Price List Utilities. For Dynamics CRM 2016

800xA History. Installation. Power and productivity for a better world TM. System Version 6.0

Configuring Symantec. device

Lightweight Machine to Machine Architecture

ComAPI+ API Documentation

Configuring Symantec Protection Engine for Network Attached Storage for Hitachi Unified and NAS Platforms

ADVANCED ENDPOINT PROTECTION TEST REPORT

Operating Instructions

ivms-5200 Mobile Surveillance V1.1.0 FAQ

Corporate Registry: Access Code Guide. Corporate Registry

Security Advisory IP Camera Vulnerability December

IPNexus Server Secure Instant Messaging & Integrated Collaboration

Stonesoft Firewall/VPN Express. Release Notes for Version 5.5.2

NEXT GENERATION FIREWALL. Tested Products. Environment. SonicWall Security Value Map (SVM) JULY 11, 2017 Author Thomas Skybakmoen

Enabler Release Definition for Parlay Service Access

System 800xA. Post Installation. Power and productivity for a better world TM. System Version 5.1

MySonicWall Secure Upgrade Plus

Terminal I/O Profile Client Implementation Guide

Functional Description DIS01 - Digital Input Signal Version 5.2-0

StoneGate IPsec VPN Client Release Notes for Version 4.2.0

Made in U.S.A. 1

800xA Networks. NE801 User Manual. Power and productivity for a better worldtm

Transcription:

SECURITY BULLETIN - HART Vulnerability in ABB Third Party Device Type Library Notice The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners. Copyright 2015 ABB. All rights reserved. Affected Products Vulnerability ID ABB Third Party Device Type Library - Version 1.17 and all earlier for usage with 800xA - Device Management HART Freelance ABB 3rd Party HART DTMLibrary Version 1.4.178.214 and all earlier for usage with Freelance 800F S Plus Melody ABB 3rd Party HART DTMLibrary Version 1.4.175.185 and all earlier for usage with Symphony Plus with Composer Melody, S+Engineering for Melody, and Composer Field. ABBVU-PACT- 2PAA114210 Summary ABB is aware of public reports of a vulnerability in a SW component that ABB Third Party Device Type Library is based on. An update is available that resolves a publicly reported vulnerability in the underlying SW of the product versions listed above. An attacker who successfully exploited this vulnerability could cause the software used for field device configuration (FDT Frame Application) in above ABB systems to stop. The software is used for configuration or monitoring purposes only. No loss of information or loss of control or view by the control system results from an attacker successfully exploiting this vulnerability. Doc. Id. 2PAA114210 Rev. - Date. 2015-02-11 1 (6)

Severity rating The severity rating for this vulnerability is Low, with the overall CVSS score 1.8 (the CVSS vector string is AV:A/AC:H/AU:N/C:N/I:N/A:P/E:ND/RL:ND/RC:ND). This assessment is based on the types of systems that are affected by the vulnerability, how difficult it is to exploit, and the effect that a successful attack exploiting the vulnerability could have. Corrective Action or Resolution Vulnerability Details The problem is corrected in the following product versions: ABB Third Party Device Type Library - Version 1.19 for usage with 800xA - Device Management HART Freelance ABB 3rd Party HART DTMLibrary Version 1.4.180.225 for usage with Freelance 800F S Plus Melody ABB 3rd Party HART DTMLibrary Version 1.4.180.225 for usage with Symphony Plus with Composer Melody, S+Engineering for Melody, and Composer Field. ABB recommends that customers apply the update at earliest convenience For more details on the upgrade procedure, refer to Release Notes: 2PAA105430R20 System 800xA ABB Third Party Device Type Library V1.19 ReleaseNotes HART 2PAA107705R03 Freelance ABB 3rd Party HART DTMLibrary 1.4.180.225 2VAA101417R05 S Plus Melody ABB 3rd Party HART DTMlibrary 1.4.180.225 A vulnerability exists in the CodeWrights GmbH HART Device Type Manager (DTM) library included in the product versions listed above. An attacker could exploit the vulnerability by sending a malformed HART command response causing the DTM software to hang. The FDT Frame Application needs to be restarted to overcome the problem. The field device itself and other parts of the control system are not affected. This exploit is possible from the network between the FDT Frame application and the HART transmitter on the 4-mA to 20-mA current loop. Note that an attacker would require physical access to the HART loop or access to a compromised network between the HART loop and the FDT-Frame Application. In the latter case the encapsuation of the HART command response on different network layers would need to be understood to inject a malformed message. This increases the difficulty to expoit the vulnerability. Doc. Id. 2PAA114210 Rev. - Date. 2015-02-11 2 (6)

Mitigating Factors Workarounds Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems (including the 4..20 ma current loop for connecting field devices) are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Using a virus scanner on all Windows-based system nodes, with the latest updates and with on-access scanning enabled on all Windows-based system nodes, can help prevent infection by malicious or unwanted software. More information on recommended practices can be found in the following documents: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems Not applicable. Frequently asked questions What is the scope of the vulnerability? An attacker who successfully exploited this vulnerability could stop the FDT-Frame- Application and prevent further configuration or monitoring of field devices. What causes the vulnerability? The vulnerability is caused by an insufficient input validation for the communication data in Device Type Managers (DTM) of ABB Third Party Device Type Library running in the FDT-Frame-Application of the control system. What is the ABB Third Party Device Type Library? ABB Third Party Device Type Library is a library of Device Type Managers (DTMs) that ABB provides to configure and diagnose HART-field-devices from 3 rd party vendors when these are connected to ABB Control Systems. DTMs are drivers for the specific devices that provide the user interface to work with the field devices and run in so-called FDT- Frame-Applications. The applicable Frame-Applications from ABB are Fieldbus Builder HART of 800xA Device Management HART, Control Builder F of Freelance 800F, and Composer Melody, S+Engineering for Melody, and Composer Field.. Note: ABB Third Party Device Type Library is not an integral part of the Control Systems software. It is only available with the System when it has been installed explicitly, e.g. form the System s media or after download from ABB s Solutionbank. What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could cause the FDT-Frame- Application to stop on the node where a DTM out of ABB Third Party Device Type Library is running How could an attacker exploit the vulnerability? Doc. Id. 2PAA114210 Rev. - Date. 2015-02-11 3 (6)

An attacker could try to exploit the vulnerability by creating a malformed HART command response that is sent to the DTM. This would require that the attacker has access to the 4..20 ma current loop that the field device is connected to. Physical access to this current loop is required. Could the vulnerability be exploited remotely? No, the exploit requires physical access to the current loop is required or control over a system node in the communication chain between the HART loop and the FDT-Frame Application. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed. What does the update do? The update removes the vulnerability by improving the input validation for the communication data in Device Type Managers (DTM) of ABB Third Party Device Type Library. When this security advisory was issued, had this vulnerability been publicly disclosed? Yes, this vulnerability has been publicly disclosed for different versions of the underlying SW component. When this security advisory was issued, had ABB received any reports that this vulnerability was being exploited? No, ABB had not received any information indicating that this vulnerability had been exploited when this security advisory was originally issued. Doc. Id. 2PAA114210 Rev. - Date. 2015-02-11 4 (6)

Acknowledgements ABB thanks the following for working with us to help protect customers: Alexander Bolshev of Digital Security for identifying the vulnerability of improper input to DTMs through the the 4-mA to 20-mA current loop. Support For additional information and support please contact your local ABB service organization. For contact information, see www.abb.com. Information about ABB s cyber security program and capabilities can be found at www.abb.com/cybersecurity. Doc. Id. 2PAA114210 Rev. - Date. 2015-02-11 5 (6)

1. REVISION Revision Page Description Date Dept/Init - all New document 11022015/DEATG/LTPF/blm Doc. Id. 2PAA114210 Rev. - Date. 2015-02-11 6 (6)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback