Details of VAR-201501-0399

ID

VAR-201501-0399

CVE

CVE-2014-9191

TITLE

CodeWrights 'HART DTM' Library Local Denial of Service Vulnerability

Trust: 0.8

sources: IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00263

DESCRIPTION

The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop. HART Device Type Manager is a device type manager. CodeWrights 'HART DTM' Library has a local denial of service vulnerability that can be exploited by local attackers to initiate a denial of service attack. CodeWrights 'HART DTM' library is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2014-9191 // JVNDB: JVNDB-2014-007577 // CNVD: CNVD-2015-00263 // BID: 71952 // IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00263

AFFECTED PRODUCTS

vendor:	codewrights	model:	hart device type manager	scope:	lte	version:	1.0.44	Trust: 1.0
vendor:	emerson	model:	hart dtm	scope:	lt	version:	1.4.181	Trust: 0.8
vendor:	codewrights	model:	hart device type manager	scope:	lt	version:	1.4.181	Trust: 0.6
vendor:	codewrights	model:	hart device type manager	scope:	eq	version:	1.0.44	Trust: 0.6
vendor:	hart device type manager	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00263 // JVNDB: JVNDB-2014-007577 // CNNVD: CNNVD-201501-202 // NVD: CVE-2014-9191

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9191
value:	LOW
Trust: 1.0
NVD:	CVE-2014-9191
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-00263
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201501-202
value:	LOW
Trust: 0.6
IVD:	aabdfa2c-2351-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2

nvd@nist.gov:	CVE-2014-9191
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-00263
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	aabdfa2c-2351-11e6-abef-000c29c66e3d
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00263 // JVNDB: JVNDB-2014-007577 // CNNVD: CNNVD-201501-202 // NVD: CVE-2014-9191

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2014-007577 // NVD: CVE-2014-9191

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201501-202

TYPE

Resource management error

Trust: 0.8

sources: IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201501-202

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007577

PATCH

title:	EMR.EPM14001-1A	url:	http://www2.emersonprocess.com/siteadmincenter/PM%20Central%20Web%20Documents/EMR%20EPM14001-1.pdf	Trust: 0.8
title:	日本エマソン株式会社	url:	http://www.emerson.co.jp/index.html	Trust: 0.8
title:	YSAR-15-0001: 横河製品の HART Device DTMにバッファオーバーフローの脆弱性	url:	http://www.yokogawa.co.jp/dcs/security/ysar/YSAR-15-0001.pdf	Trust: 0.8
title:	CodeWrights 'HART DTM' Library Patch for Local Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/53962	Trust: 0.6
title:	Rosemount_644_Temperature_Transmitter_8_HART_000026_0018_8_DD1_4_181_4_DTM	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53330	Trust: 0.6

sources: CNVD: CNVD-2015-00263 // JVNDB: JVNDB-2014-007577 // CNNVD: CNNVD-201501-202

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9191	Trust: 3.5
db:	ICS CERT	id:	ICSA-15-008-01A	Trust: 2.4
db:	ICS CERT	id:	ICSA-15-237-01	Trust: 2.1
db:	BID	id:	71952	Trust: 1.9
db:	ICS CERT	id:	ICSA-15-048-03	Trust: 1.1
db:	CNVD	id:	CNVD-2015-00263	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-202	Trust: 0.8
db:	JVN	id:	JVNVU96347573	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-007577	Trust: 0.8
db:	ICS CERT	id:	ICSA-15-008-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-012-01A	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-012-01B	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-036-02	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-069-02	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-029-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-027-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-012-01	Trust: 0.3
db:	IVD	id:	AABDFA2C-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: aabdfa2c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00263 // BID: 71952 // JVNDB: JVNDB-2014-007577 // CNNVD: CNNVD-201501-202 // NVD: CVE-2014-9191

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-008-01a	Trust: 2.4
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-237-01	Trust: 2.1
url:	http://www.securityfocus.com/bid/71952	Trust: 1.6
url:	http://www2.emersonprocess.com/siteadmincenter/pm%20central%20web%20documents/emr%20epm14001-1.pdf	Trust: 1.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9191	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9191	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-048-03	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96347573/	Trust: 0.8
url:	http://www1.codewrights.biz/site/index.php/en/our-offering/for-end-users/hart-commdtm	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-012-01a	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-027-01	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-036-02	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-048-03#footnotec_6z1l450	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-069-02	Trust: 0.3
url:	http://www2.emersonprocess.com/siteadmincenter/pm%20central%20web%20documents/emr%20epm14001-1.pdf	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-008-01-0	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-012-01	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-012-01b	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-029-01	Trust: 0.3

sources: CNVD: CNVD-2015-00263 // BID: 71952 // JVNDB: JVNDB-2014-007577 // CNNVD: CNNVD-201501-202 // NVD: CVE-2014-9191

CREDITS

Alexander Bolshev

Trust: 0.3

sources: BID: 71952

SOURCES

db:	IVD	id:	aabdfa2c-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-00263
db:	BID	id:	71952
db:	JVNDB	id:	JVNDB-2014-007577
db:	CNNVD	id:	CNNVD-201501-202
db:	NVD	id:	CVE-2014-9191

LAST UPDATE DATE

2024-11-23T23:09:20.171000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-00263	date:	2015-01-14T00:00:00
db:	BID	id:	71952	date:	2015-11-03T19:18:00
db:	JVNDB	id:	JVNDB-2014-007577	date:	2015-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201501-202	date:	2015-01-14T00:00:00
db:	NVD	id:	CVE-2014-9191	date:	2024-11-21T02:20:22.350

SOURCES RELEASE DATE

db:	IVD	id:	aabdfa2c-2351-11e6-abef-000c29c66e3d	date:	2015-01-14T00:00:00
db:	CNVD	id:	CNVD-2015-00263	date:	2015-01-14T00:00:00
db:	BID	id:	71952	date:	2015-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-007577	date:	2015-01-14T00:00:00
db:	CNNVD	id:	CNNVD-201501-202	date:	2015-01-12T00:00:00
db:	NVD	id:	CVE-2014-9191	date:	2015-01-10T02:59:34.693