February 4, 2016 By Larry Loeb 2 min read

The Highway Addressable Remote Transducer (HART) Communications Protocol works with field devices to control parts in industrial control systems (ICS). It also collects data from sensors in order to monitor these industrial environments. The nature of this product makes security a priority, but researchers recently came across some flaws that could pose problems.

Applied Risk reported to SecurityWeek that it found several serious vulnerabilities in some products that use the WirelessHART networking technology. For instance, ProComSol has released an Android-based smart device communicator app for HART. Because of the way this app is configured, an attacker would only need knowledge of the vulnerabilities and an Android smartphone to carry out an exploit.

No Specifics on Networking Technology Vulnerabilities

Applied Risk hasn’t disclosed any specific details about the vulnerabilities of the networking technology since the software products at risk remain unpatched at this time. Vendors have been notified and are working on patches, according to Applied Risk.

The company did tell SecurityWeek that it identified several vulnerabilities in each of the products and brands analyzed. Some flaws share a common attack surface and are found on vulnerable devices around the world.

Unfortunately, the majority of the plants using them are most likely unaware of the risks, SecurityWeek reported. And with a lack of active monitoring systems in use throughout the related industries, an attack would probably go undetected.

“The most serious risk, however, is the loss of life in the case of explosions, especially in hazardous environments,” Jalal Bouhdada, the founder of Applied Risk, told SecurityWeek. “Alongside the potential impact to the environment, an attack could lead to significant reputational damage. End users and ICS suppliers must take a more proactive and thorough approach to testing — and implementing security measures to effectively tackle these threats.”

Others Have Found HART Problems

Applied Risk is not the only security firm to study the existence of vulnerabilities in HART-based devices. In 2014, for example, security researchers discovered that a widely used HART-related library was vulnerable to an exploit that could crash field devices. That issue was eventually fixed by Emerson Process Management.

Attacks on industrial control systems have been on the rise, according to an alert from the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Whether this pathway will be severely exploited is not yet known, but users of the networking technology need to be aware of the potential danger.

More from

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces. AI in every pocket Having…

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today