ICSA-12-320-01  ·  Published 2025-06-06

ABB AC500 PLC Webserver CoDeSys Vulnerability

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • ABB has released a Vulnerability Security Advisory and patch (V2.1.5), made available in December 2011, that mitigates this vulnerability. Firmware versions starting from V2.1.4 do not contain the vulnerability. Firmware V2.1.5 can be found in the ABB PLC download center (http://www.abb.com/plc).
  • The Web server component is not active in the default configuration of the system. It should only be used if human-machine interface visualization is required. PLCs that are continuously running are expected to be in a factory environment where additional cybersecurity measures, such as isolation and intrusion detection, are part of normal security operations and reduce the risk of malware or unauthorized personnel gaining a network connection to the PLC.

Affected Vendors

ABB

Affected Products (9)

ABB · 1SAP130 300 R0271 PM573-ETH firmware V2.1.3
ABB · 1SAP140 300 R0271 PM583-ETH firmware V2.1.3
ABB · 1SAP150 000 R0271 PM590-ETH firmware V2.1.3
ABB · 1SAP150 100 R0271 PM591-ETH firmware V2.1.3
ABB · 1SAP150 200 R0271 PM592-ETH firmware V2.1.3
ABB · 1TNE968 900 R0110 PM554-T-ETH firmware V2.1.3
ABB · 1TNE968 900 R1110 PM564-T-ETH firmware V2.1.3
ABB · 1TNE968 900 R1210 PM564-R-ETH firmware V2.1.3
ABB · 1TNE968 900 R1211 PM564-R-ETH-AC firmware V2.1.3
