
Abstract

Today, industrial control system architectures are complex, multilayered networks built on many technologies that are (or until recently were) popular, such as XML, COM, ActiveX, OLE32, JSON, .Net, and others. FDT/DTM is one such architectural element. In short, FDT/DTM standardizes the communication and configuration interface between (industrial) field devices and host systems. This is achieved with the help of DTMs: COM, ActiveX, or .Net components supplied for each device. Such components exist for many devices used in the oil, gas, energy, nuclear, chemical, and other critical industries. Look at any factory, plant, or other industrial site, and you'll find an RTU or PLC that is configured through a DTM component.

During our research, we analyzed the DTM components for hundreds of field devices based on the Modbus, HART, and Profibus DP low-level protocols. Many of them insufficiently validate user-supplied data and are affected by XSS, XXE, SSRF, DoS, and other vulnerabilities. We will provide detailed statistics on the security flaws of DTM components from various vendors.

Papers

Slides