GE and MACTek HART Device DTM Vulnerability (Update A)

CVEs (1)

Remediations

• GE has released an advisory and update addressing the GE HART Device DTMs.
• The advisory can be found here: http://www.geoilandgas.com/securityadvisory
• The update can be downloaded here: http://www.ge-mcs.com/en/download.html
• MACTek has released its update at the following location: https://mactekcorp.com/download.php
• The updated DTM versions are as follows: Bullet DTM 1.00.1, Vector DTM 1.00.1, SVi1000 DTM 1.00.1, SVI II AP Positioner DTM 2.10.1, and 12400 DTM 1.00.1.
• Device DTM software with the identified vulnerable versions listed as impacted should be used only within an offline secure network until patched. ICS-CERT strongly recommends performing configuration changes in a nonproduction environment where proper testing and risk evaluation can be performed. ICS-CERT also recommends that asset owners employ a least privilege practice and avoid unnecessary services within their production environment.
• Some processes may require continual configuration changes. ICS-CERT recommends asset owners maintain all software with the latest security releases, limit connections outside the control process, and monitor approved connections for suspicious traffic.

Affected Vendors

Affected Products (5)