ICSA-19-178-01 · Published 2019-06-27 · View on CISA ICS-CERT ↗

ABB PB610 Panel Builder 600

CVSS 8.8 HIGH

Risk Summary

An attacker who successfully exploits these vulnerabilities could prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node.

CVEs (7)

CVE-2019-7225 CVE-2019-7226 CVE-2019-7227 CVE-2019-7228 CVE-2019-7230 CVE-2019-7232 CVE-2019-7231

Remediations

PB610 Panel Builder 600: v2.8.0.424.
New version of BSP (board support package) UN31: v2.31.
New version of BSP (board support package) UN30: v2.31.
ABB recommends users apply the update of the PB610 applications on CP600 control panels at the earliest convenience.
If an update of the devices is not possible. ABB recommends users restrict network access to the devices to only trusted parties/devices.
To prevent an unauthorized login via a remote client, leave the “Force Remote Login” option of the security settings checked (default setting). In addition, set new users and passwords in the user's settings for remote clients to “use different user and password.”
Restrict physical access to process control systems to authorized personnel,
Do not have direct connections to the Internet,
Separate from other networks by means of a firewall system with a minimal number of exposed ports,
Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
More information on ABB's recommended practices can be found in the following document: 3BSE032547, Whitepaper - Security for Industrial Automation and Control Systems
For additional information and support please contact the local ABB service organization. For contact information, see: https://new.abb.com/contact-centers.
Information about ABB's cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity.
For more information see ABB's security advisory 3ADR010377.

Affected Vendors

ABB

Affected Products (1)

ABB · PB610 Panel Builder 600 order code 1SAP500900R0101 | 1.91 <= 2.8.0.367

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more