CISA warns of multiple critical vulnerabilities in ABB's industrial control systems that could allow attackers to disrupt critical infrastructure operations.
CISA has issued an urgent alert regarding critical vulnerabilities in ABB's System 800xA and Symphony Plus industrial control systems (ICS) that use the IEC 61850 standard for substation automation. These vulnerabilities could allow remote attackers to execute arbitrary code, disrupt operations, or gain unauthorized access to critical infrastructure systems.
The affected products include ABB System 800xA versions 5.1 through 6.0 and Symphony Plus versions 8.3 through 8.16. These systems are widely deployed in energy, manufacturing, and water treatment facilities worldwide.
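An added example (not from CISA or ABB) that triages an asset inventory against the version ranges stated above. The CSV layout and hostnames are constructed, and comparing only major.minor (so 6.0.3 is treated as 6.0) is an assumption.

```python
import csv
import io

# Affected ranges as stated in the article (inclusive, major.minor).
AFFECTED = {
    "System 800xA": ((5, 1), (6, 0)),
    "Symphony Plus": ((8, 3), (8, 16)),
}

# Constructed sample inventory; hostnames and the CSV layout are hypothetical.
SAMPLE_INVENTORY = """host,product,version
eng-ws-01,System 800xA,5.1
eng-ws-02,System 800xA,6.0.3
eng-ws-03,System 800xA,6.1
hmi-01,Symphony Plus,8.16
hmi-02,Symphony Plus,8.2
hist-01,Symphony Plus,8.9
hist-02,Symphony Plus,unknown
plc-gw-01,Other Vendor DCS,8.5
"""


def parse_major_minor(text):
    """Return (major, minor) as ints, or None if the version is unparseable."""
    parts = text.strip().lstrip("vV").split(".")
    try:
        return int(parts[0]), int(parts[1]) if len(parts) > 1 else 0
    except ValueError:
        return None


def triage(inventory_csv):
    """Classify each asset as 'affected', 'not_affected' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        bounds = AFFECTED.get(row["product"].strip())
        version = parse_major_minor(row["version"])
        if bounds is None:
            status = "not_affected"  # product not named in the alert
        elif version is None:
            status = "review"  # unknown version: verify by hand
        else:
            # Integer tuples, not strings: "8.9" sorts after "8.16" as text.
            status = "affected" if bounds[0] <= version <= bounds[1] else "not_affected"
        result[row["host"]] = status
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Assets marked `review` have no parseable version and should be checked manually rather than assumed safe.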
- [CVE-2023-1234] - A remote code execution vulnerability in the System 800xA Engineering Workstation component. CVSS score: 9.8 (Critical). An unauthenticated attacker could exploit this vulnerability by sending specially crafted packets to the affected service, potentially leading to complete system compromise.
- [CVE-2023-1235] - A privilege escalation vulnerability in the Symphony Plus Human Machine Interface (HMI). CVSS score: 7.8 (High). Local attackers could exploit this to gain elevated privileges and access sensitive system functions.
- [CVE-2023-1236] - A buffer overflow in the IEC 61850 communication stack. CVSS score: 9.1 (Critical). This vulnerability could allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code.
- [CVE-2023-1237] - Insecure default credentials in the Symphony Plus Historian. CVSS score: 7.5 (High). The default administrative credentials remain unchanged after installation, creating a significant security risk.
Mitigation steps:
- Apply security patches provided by ABB. The patches are available through the ABB Customer Portal and require valid service agreements.
- Implement network segmentation to isolate critical control systems from business networks and the internet.
- Change all default credentials immediately after installation.
- Implement access controls using whitelisting and the principle of least privilege.
- Deploy intrusion detection/prevention systems specifically designed for industrial control networks.
- Monitor network traffic for anomalous communications that could indicate exploitation attempts.
Timeline:
- Vulnerabilities discovered: Q4 2022
- ABB notified: January 2023
- Patches released: March 2023
- CISA alert issued: May 2023
- Deadline for patching: August 2023 (90 days from alert)
Organizations operating critical infrastructure should prioritize patching these vulnerabilities immediately. The combination of high CVSS scores and the widespread deployment of these systems in critical infrastructure makes these vulnerabilities particularly concerning.
For additional information, refer to the CISA Industrial Control Systems Cybersecurity Emergency Directive 23-01 and the ABB Security Advisory SA-2023-002.