ICSA-19-017-02  ·  Published 2019-01-17

ABB CP400 Panel Builder TextEditor 2.0

CVSS 7.0 HIGH

Risk Summary

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code and cause a denial-of-service condition within the Text Editor application.

CVEs (1)

Remediations

  • ABB recommends that users of the affected versions (2.0.7.05 and prior) update to the latest version, 2.1.7.21, which can be requested at the following location:
  • For additional information, see the ABB advisory ABBVU-IACT-3BSE091042 at the following location:
  • SECURITY - CP400 Panel Builder TextEditor 2.0, Improper input validation vulnerability ABBVU-IACT-3BSE091042
  • Conduct or reinforce cybersecurity awareness training for users.
  • Follow general cybersecurity best practice recommendations for industrial control systems.
  • Be aware that it is possible to infect Panel Builder files with malware.
  • Be careful with files that are received unexpectedly and/or from unexpected sources.
  • Carefully inspect any files transferred between computers and scan them with up-to-date antivirus software, so that only legitimate files are transferred.
  • Manage user accounts following the principle of least privilege.
  • More information on recommended practices can be found in ABB's Security for Industrial Automation and Control Systems paper - 3BSE032547.

Affected Vendors

ABB

Affected Products (1)

ABB · CP400PB Panel Builder for CP405 and CP408 <= 2.0.7.05

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater
