ABB PCM600 Vulnerabilities

CVSS 4.6 MEDIUM

CVEs (4)

CVE-2016-4511 CVE-2016-4516 CVE-2016-4524 CVE-2016-4527

ABB has corrected the problems in PCM600 Version 2.7. ABB recommends that users apply the update at earliest convenience.
ABB recommends using the following security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network: Physically protect control systems from direct access by unauthorized personnel. Do not allow direct connections from control systems to the Internet. Separate control systems from other networks by deploying a firewall that has a minimal number of ports exposed. Do not use process control systems for Internet surfing, instant messaging, or receiving emails. Carefully scan portable computers and removable storage media for viruses before they are connected to a control system.
ABB provides more information on recommended practices in 1MRS758440, Protection and Control IED Manager PCM600 Cyber Security Deployment Guideline, which can be found at the following location: (http://search.abb.com/library/Download.aspx?DocumentID=1MRS758440&Action=Launch)

ABB

ABB · PCM600 <=2.6

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.