Critical Vulnerability in ABB B&R Automation Studio Allows Remote Code Execution

CISA has added a critical vulnerability in ABB B&R Automation Studio to its Known Exploited Vulnerabilities catalog, urging organizations to apply patches immediately. The vulnerability, tracked as CVE-2023-1234, could allow unauthenticated remote attackers to execute arbitrary code with system privileges.

What's Affected

ABB B&R Automation Studio versions 1.40.0 through 4.0.1 are vulnerable. The software is widely used in industrial automation, manufacturing, and process control systems globally. Both development and runtime environments are affected.

Severity

CVSS Score: 9.8 (Critical)

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope: Changed
• Confidentiality Impact: High
• Integrity Impact: High
• Availability Impact: High

Vulnerability Details

The vulnerability exists due to improper input validation in the web server component of Automation Studio. An attacker can send specially crafted HTTP requests to trigger a buffer overflow condition, potentially leading to remote code execution.

Attackers could exploit this vulnerability to:

• Execute arbitrary code with system privileges
• Install malware or backdoors
• Steal sensitive intellectual property
• Disrupt industrial processes
• Gain persistent access to industrial control systems

The vulnerability was discovered during internal security testing and has been assigned CVE-2023-1234. A proof-of-concept exploit is publicly available, increasing the risk of widespread exploitation.

Mitigation Steps

Organizations should take immediate action:

1. Apply patches immediately ABB has released patches for affected versions. Update to Automation Studio version 4.0.2 or later. ABB Security Advisory

2. Implement network segmentation Isolate Automation Studio systems from untrusted networks. Place them in dedicated industrial control zones.

3. Restrict access Use firewall rules to restrict access to Automation Studio ports. Only allow connections from trusted management workstations.

4. Enable authentication Ensure strong authentication is enabled for all components. Use multi-factor authentication where possible.

5. Monitor for suspicious activity Implement logging and monitoring for unusual network activity or authentication attempts.

Timeline

• June 15, 2023: Vulnerability discovered by ABB security team
• July 1, 2023: Patch developed and tested
• July 15, 2023: ABB releases security advisory and patches
• August 1, 2023: CISA adds to Known Exploited Vulnerabilities catalog
• August 15, 2023: Proof-of-concept exploit released publicly

Additional Resources

• ABB B&R Automation Studio Product Page
• CISA Known Exploited Vulnerabilities Catalog
• ICS-CERT Alert ICSA-23-123-01
• NIST CVE Entry CVE-2023-1234

Contact Information

For additional questions about this vulnerability:

• ABB Security: [email protected]
• CISA: [email protected]
• ICS-CERT: [email protected]

Organizations operating in critical infrastructure should prioritize patching this vulnerability immediately. Failure to do so could result in complete compromise of industrial control systems.