Earlier this week, ICS-CERT announced a newly discovered vulnerability in ICS products made by Endress+Hauser. The vulnerability affects the DTM library used by Endress+Hauser HART-based field devices in the FDT/DTM Frame Application. If a specially crafted packet successfully exploits the vulnerability, a buffer overflow causes the DTM Frame Application to become unresponsive. Endress+Hauser has released a security update addressing this issue. Although we haven’t observed this vulnerability being exploited in the wild, we highly recommend applying the Endress+Hauser patch as soon as possible.
To minimize the risk of an ICS device being compromised by an attacker, be sure to consider the following general recommendations:
- Discover and document – You can’t protect a system if you don’t know it exists. Take some time to identify and document all of the legacy and unsupported operating systems in your network.
- Isolate – Segmenting the ICS system will reduce the risk of it being compromised by an attacker. Take some time to verify that it is inaccessible from any unnecessary business/user networks.
- Update and secure – Install all available patches and updates. Be sure that you are notified of any updates to the operating system, firmware and any installed applications.
- Perform thorough log analysis – Implement a centralized logging platform so that you can detect any anomalies that occur within these systems.
- Use an ICS honeypot – Creating a honeypot ICS device will help you discover suspicious activity within your network before it affects a production system.