ICSA-22-263-04
Published 2022-09-20
Host Engineering Communications Module
CVSS 6.5 (MEDIUM)
Risk Summary
Successful exploitation of this vulnerability could crash the device being accessed, leading to a denial-of-service condition.
CVEs (1)
Remediations
- To update the firmware in the H0-ECOM100 to version v5.0.156 or later, use the free program utility called NetEdit3, downloadable from Host Engineering's website, then use the following steps:
- In the NetEdit3 software's menu, select File --> Download Newest Firmware (Live Update).... This pulls up the Live Update dialog.
- In the Live Update dialog, press the <Go!> button, and the window will indicate which files were uploaded and their storage locations (there are default locations).
- Press the <OK> button to exit the Live Update dialog. Upon exiting this dialog, NetEdit3 will scan the network for new devices, and only the Host Engineering Ethernet devices (like the H0-ECOM100) will respond and be displayed in a list.
- Host Engineering recommends ceasing all communication with the H0-ECOM100 before attempting to update its firmware. Specifically, the PLC should be placed in Stop mode, and/or all other devices potentially communicating with it, such as HMIs or other ECOM100s, should be disconnected.
- Once the list displays in NetEdit3, right-click H0-ECOM100 and select Update Firmware.... This will pull up an Open file dialog. In the File name parameter, the latest firmware file will already be selected.
- Press the <Open> button. This will pull up the Confirm Update dialog asking the user whether to continue.
- Press the <Yes> button to update the firmware.
Affected Vendors
Host Engineering
Affected Products (1)
Host Engineering · H0-ECOM100 Communications Module: <= 5.0.155
Affected Sectors
Critical Manufacturing