Risk Summary
An attacker could exploit the vulnerability by tricking a user into opening a specially crafted file, which allows the attacker to insert and run arbitrary code. The vulnerability requires user interaction: the exploit is triggered only when a local user runs the affected product and loads the specially crafted file.
CVEs (1)
Remediations
- Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network.
- Conduct or reinforce cybersecurity awareness training for users of Panel Builder 800:
  - Describing general cybersecurity best practice recommendations for industrial control systems.
  - Informing that it is possible to infect Panel Builder files with malware.
  - Describing the importance of being careful with files that are received unexpectedly and/or from unexpected sources.
- Carefully inspect any files transferred between computers, including scanning them with up-to-date antivirus software, so that only legitimate files are transferred.
- Apply user account management, appropriate authentication and permission management using the principle of least privilege.
- Please see the following cybersecurity advisory on the ABB website for more information:
Affected Vendors
ABB
Affected Products (1)
ABB · Panel Builder 800 (vers:all/*)
Affected Sectors
Chemical, Critical Manufacturing, Energy, Dams, Water and Wastewater, and Food and Agriculture