ICSA-17-318-02A · Published 2018-02-15
ABB TropOS (Update A)
CVSS 6.8 (MEDIUM)
Risk Summary
Vendor: ABB
CVEs (1)
Remediations
- ABB has released Mesh OS version 8.5.3 to address these vulnerabilities.
- ABB has released an advisory (1KHW02890) on their alerts and notification page:
- ABB is working on remedial actions for all affected products.
- This advisory will be updated when firmware, including remedial measures, is available.
- The TropOS mesh wireless interfaces are not vulnerable. Wired client interfaces (Ethernet, Serial) are not vulnerable. An attacker must be in physical proximity of the Wi-Fi access point and connected client to be successful. If the communication across the Wi-Fi link is encrypted at Layer 3 (e.g., SSH, SSL, HTTPS, or SNMPv3 encrypted), privacy is maintained during an otherwise successful attack. If possible, encrypt communication across the Wi-Fi link at Layer 3 using SSH, SSL, HTTPS, or SNMPv3. There is no complete workaround which allows protected Wi-Fi access to the TropOS Mesh.
- ABB users with a current Complete Software Care or Complete Software + Hardware Care subscription are advised to contact ABB Wireless support by phone at +1(408) 331 6800, ext. 4, or by email at [email protected].
Affected Vendors
ABB
Affected Products (1)
ABB · TropOS Mesh OS <= 8.5.2
Affected Sectors
Critical Manufacturing, Energy