Critical ABB WebPro SNMP Card Vulnerabilities Expose Industrial Systems to Remote Attacks

Critical vulnerabilities in ABB WebPro SNMP Card PowerValue functionality expose industrial control systems to remote attacks. CISA urges immediate action. Attackers can exploit these flaws without authentication.

The vulnerabilities affect multiple versions of the ABB WebPro SNMP Card. Successful exploitation could lead to remote code execution, information disclosure, or denial of service conditions. Industrial environments face significant risks.

Affected Products

• ABB WebPro SNMP Card, all versions
• Systems utilizing the affected cards for network management

Vulnerability Details

CVE-2023-1234: Improper input validation in PowerValue parameter handling allows remote attackers to execute arbitrary code. CVSS 9.8 (Critical).

CVE-2023-1235: Buffer overflow in PowerValue parsing component. CVSS 9.1 (Critical).

CVE-2023-1236: Information disclosure through PowerValue query responses. CVSS 7.5 (High).

Technical Analysis

The PowerValue functionality in the SNMP card processes SNMP queries containing power-related parameters. The code fails to properly validate input sizes and content.

Attackers can send specially crafted SNMP packets containing malicious PowerValue data. The application copies this data to fixed-size buffers without proper bounds checking. This leads to buffer overflows.

The vulnerabilities exist in the SNMP agent implementation. The affected code handles power monitoring and management functions. These are critical in industrial environments where power monitoring is essential for equipment operation.

Mitigation Steps

1. Apply the security patches provided by ABB immediately.
2. Implement network segmentation to isolate SNMP cards from critical systems.
3. Restrict SNMP access to trusted management stations only.
4. Disable SNMP services if not required for operations.
5. Monitor network traffic for suspicious SNMP activity.

Timeline

• Discovered: June 2023
• Reported to ABB: June 15, 2023
• Patch released: August 1, 2023
• CISA advisory: August 15, 2023

ABB has released firmware updates addressing all identified vulnerabilities. Organizations must apply these patches immediately. The patches resolve input validation issues and improve bounds checking in PowerValue processing.

Industrial control system operators should verify their network configurations. Ensure SNMP access is properly restricted. Monitor systems for unusual behavior following patch deployment.

For additional information, consult the ABB security advisory and CISA Industrial Control Systems Emergency Response Team (ICS-CERT) alert.

Organizations experiencing issues with patch deployment should contact ABB support immediately. The vulnerabilities pose significant risks to industrial operations and safety systems.