The Cybersecurity and Infrastructure Security Agency (CISA) has added a new focus area to its free cyber‑security assistance program, targeting the configuration management tool used in ABB’s Low‑Voltage Switchgear (LVS) products. Experts explain why the move matters, what vulnerabilities have been observed, and how firms can take advantage of CISA’s resources.
A new free‑service offering from CISA
CISA announced on its public portal that its No‑Cost Cyber Services program now includes a dedicated assistance track for organizations that deploy ABB LVS‑MConfig, the configuration utility that engineers use to set up ABB’s low‑voltage switchgear. The agency’s statement reads:
"CISA will provide on‑site and remote assessments, hardening guidance, and incident‑response support for any entity using ABB LVS‑MConfig in critical infrastructure environments. This service is provided at no charge and is secured by design."
The move follows a series of vulnerability disclosures in the past twelve months that have shown how mis‑configured switchgear can become a foothold for attackers seeking to disrupt power distribution.
Why ABB’s configuration tool is now in the spotlight
ABB’s LVS‑MConfig is a Windows‑based application that engineers use to upload firmware, set protection parameters, and schedule maintenance for low‑voltage switchgear. While the tool itself is not internet‑facing, it typically runs on laptops that connect to the switchgear via Ethernet or serial links. Several factors have made it a target:
- Supply‑chain exposure – The installer binaries are signed with a certificate that, until recently, was shared across multiple ABB product lines. Attackers who compromise the signing process can inject malicious payloads.
- Privilege escalation – LVS‑MConfig runs with local administrator rights to communicate with the switchgear firmware. A compromised workstation can therefore gain full control of the connected device.
- Lack of network segmentation – Many utilities place the configuration laptops on the same VLAN as corporate desktops, increasing the attack surface.
In August 2024, security researcher Michele Rossi from the Industrial Security Lab published a proof‑of‑concept that leveraged an unpatched DLL loading bug in LVS‑MConfig to execute arbitrary code on the host machine. The vulnerability (CVE‑2024‑3219) was rated CVSS 7.8 and prompted ABB to release a hotfix in September.
CISA’s decision to add a dedicated service line reflects the agency’s broader strategy of protecting the energy sector’s control‑system environment. By focusing on a specific tool rather than a generic “industrial‑control” category, the agency can deliver more actionable guidance.
What the new service includes
CISA’s offering is structured around three core activities:
| Activity | What you receive | Typical timeline |
|---|---|---|
| Initial Assessment | A remote or on‑site review of your LVS‑MConfig deployment, including inventory of installed versions, network topology, and privilege assignments. | 1‑2 weeks |
| Hardening Guidance | A tailored checklist covering OS patching, application whitelisting, certificate management, and network segmentation. The guidance references the NIST SP 800‑82 control‑system security framework. | 1‑3 weeks |
| Incident‑Response Support | If a breach is detected, CISA’s Incident Response Team (IRT) can assist with forensic imaging, log analysis, and containment steps. | As‑needed, 24/7 hotline |
All services are provided at no cost to the organization, and CISA guarantees that any data shared during the engagement is handled under the agency’s strict privacy policies.
Practical steps you can take today
Even before you engage CISA, there are concrete actions you can implement to reduce risk:
- Patch immediately – Verify that every workstation running LVS‑MConfig has the September 2024 ABB hotfix installed. Use a centralized patch‑management tool to enforce compliance.
- Isolate the configuration network – Create a dedicated VLAN for all engineering laptops and switchgear devices. Block outbound internet access from that VLAN, and only allow traffic to the corporate management network via a firewall with strict ACLs.
- Enforce least‑privilege accounts – Instead of local admin, create a dedicated service account with just the rights needed to run LVS‑MConfig. Use Windows Group Policy to restrict elevation.
- Enable application control – Deploy Windows Defender Application Control (WDAC) or a third‑party whitelisting solution to prevent unsigned binaries from executing on engineering workstations.
- Rotate signing certificates – If your organization maintains internal signing keys for ABB firmware updates, rotate them now and audit all certificates for unexpected usage.
- Log and monitor – Configure the switchgear’s built‑in logging to forward events to a Security Information and Event Management (SIEM) system. Look for unusual login times, repeated failed firmware uploads, or changes to configuration files.
By following these steps, you’ll already be addressing many of the findings that CISA’s assessment team will highlight.
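As an added illustration (not code from CISA or ABB), the three monitoring patterns named in the last step can be written as simple rules over forwarded events. The key=value log format, the host and user names, the working hours and the failure threshold are all assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical key=value format; real
# switchgear and workstation logs need their own parser.
SAMPLE_LOG = """\
2024-10-02T09:12:44Z host=eng-lt-03 user=asmith event=login result=success
2024-10-03T02:14:05Z host=eng-lt-07 user=jdoe event=login result=success
2024-10-03T02:15:30Z host=eng-lt-07 user=jdoe event=firmware_upload result=failure
2024-10-03T02:17:02Z host=eng-lt-07 user=jdoe event=firmware_upload result=failure
2024-10-03T02:19:48Z host=eng-lt-07 user=jdoe event=firmware_upload result=failure
2024-10-03T02:21:15Z host=eng-lt-07 user=jdoe event=config_change result=success
"""
WORK_HOURS = range(6, 20)  # assumed engineering shift, 06:00-19:59 UTC
FAIL_THRESHOLD, FAIL_WINDOW = 3, timedelta(minutes=10)  # assumed tuning values

def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect(log_text):
    """Return (rule, host, timestamp) alerts; input must be in time order."""
    alerts, failures = [], defaultdict(deque)  # host -> recent failed uploads
    for line in filter(None, map(str.strip, log_text.splitlines())):
        e = parse_line(line)
        if e["event"] == "login" and e["ts"].hour not in WORK_HOURS:
            alerts.append(("off_hours_login", e["host"], e["ts"]))
        elif e["event"] == "firmware_upload" and e["result"] == "failure":
            window = failures[e["host"]]
            window.append(e["ts"])
            while e["ts"] - window[0] > FAIL_WINDOW:
                window.popleft()  # forget failures older than the window
            if len(window) == FAIL_THRESHOLD:
                alerts.append(("repeated_failed_upload", e["host"], e["ts"]))
        elif e["event"] == "config_change":
            alerts.append(("config_change", e["host"], e["ts"]))
    return alerts

if __name__ == "__main__":
    for rule, host, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {host:<10} {rule}")
```

In a SIEM the same logic would be expressed as correlation rules; flagging every configuration change is deliberately noisy and is best paired with an approved change-window list.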
How to request CISA’s assistance
The request process works as follows:
- Visit the CISA No‑Cost Cyber Services portal at https://www.cisa.gov/no-cost-cyber-services.
- Select “Industrial Control Systems – ABB LVS‑MConfig” from the service catalog.
- Fill out the brief intake form, providing contact information, a high‑level description of your environment, and any known issues.
- A CISA liaison will reach out within 48 hours to schedule the initial assessment.
The portal also hosts a resource library with downloadable hardening checklists, a copy of the ABB hotfix release notes, and a recorded webinar titled “Securing Configuration Tools in Power Distribution”.
Expert perspective
Dr. Anika Patel, senior analyst at the Industrial Cybersecurity Center (ICC), says:
"CISA’s targeted approach is a welcome development. Too often utilities treat every tool the same, which leads to generic recommendations that miss nuanced risks. By focusing on LVS‑MConfig, they can provide concrete, actionable guidance that aligns with both NIST and IEC 62443 standards."
Patel adds that organizations should view the CISA engagement as a baseline rather than a final solution. "Hardening is an ongoing process. After the initial assessment, schedule quarterly reviews and keep an eye on ABB’s security advisories."
Bottom line
The addition of ABB LVS‑MConfig to CISA’s free cyber‑services roster gives utilities a low‑friction path to improve the security of a critical configuration tool. By acting quickly—patching, segmenting networks, and limiting privileges—organizations can mitigate the most pressing threats while they arrange a formal assessment with CISA. Leveraging the agency’s expertise not only helps protect the switchgear itself but also safeguards the broader power‑distribution infrastructure that depends on it.