Security Experts:

Connect with us

Hi, what are you looking for?



Endress+Hauser Patches Vulnerability in ICS Products

Instrumentation and process automation company Endress+Hauser has patched a vulnerability affecting many of its field instruments.

Instrumentation and process automation company Endress+Hauser has patched a vulnerability affecting many of its field instruments.

The problem is an improper input validation vulnerability (CVE-2014-9191) in the CodeWrights HART Device Type Manager (DTM) library, which is used by several industrial control system (ICS) vendors. The flaw was discovered last year by researchers at Russia-based Digital Security.

CodeWrights addressed the vulnerability with the release of a new version of the library not long after researchers reported its existence. Endress+Hauser has started integrating the new library in its products.

An attacker can exploit the flaw to crash HART-based devices, but ICS-CERT noted in an advisory published this week that the vulnerability is difficult to exploit.

The security hole affects Cerabar, Deltabar, Deltapilot, Gammapilot, iTemp, Levelflex, Liquicap, Liquiline, Micropilot, Multicap, Omnigrad, Nivotester, Promag, Promass, Prosonic, Prothermo, Prowirl, and other transmitters and devices from Endress+Hauser.

One of the first ICS vendors to start using the patched CodeWrights library was Emerson, which announced the integration of the new library in January.

Alexander Bolshev, one of the Digital Security researchers involved in this project, told SecurityWeek in January that this is a medium to low risk vulnerability that can only be exploited by an attacker that has physical access to the targeted system.

“To trigger the vulnerability, the attacker should have an ability to alter the packet on the way from the field device to the DTM component. How it could be done depends on the actual ICS infrastructure. E.g. this could be done by MiTMing the field device on the HART current loop (if the attacker has access to it) or forging the packet when it’s going through gateways to the DTM component,” Bolshev explained at the time.

HART DTM attack

“The actual impact of the vulnerability is the Denial of Service of the DTM component, FDT [Field Device Tool] frame application and other DTM components in the same container,” the researcher added. “Based on the real infrastructure, the restart of the FDT Frame application or rebooting the server with the FDT Frame may be needed to recover the system.”

Advisories from ICS-CERT show that Honeywell, Magnetrol and Pepperl+Fuchs also started integrating the new version of the CodeWrights library into their products at the beginning of this year.

The CodeWrights vulnerability was identified by Digital Security as part of a larger research project targeting vulnerable DTM components. Experts identified a total of 32 vulnerable DTM components from 24 vendors.

Related: Learn More at the ICS Cyber Security Conference

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.