ABB Power Generation Information Manager (PGIM) and Plant Connect

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device.

CVEs (1)

Remediations

• ABB reports PGIM will transition to a limited support phase in January, 2020, and Plant Connect is already obsolete.
• Users are advised to upgrade to Symphony Plus Historian, which is not affected by this vulnerability. Symphony Plus Historian is the successor to the PGIM and Plant Connect products and features improved cybersecurity.
• ABB further recommends users of PGIM not use the same credentials for Windows login as used to log into the PGIM and Plant Connect applications. Additionally, end users who cannot immediately upgrade should consider protecting network communication by use of IPSec or other means. Users should contact ABB for additional support details.
• For additional instructions and support, please contact ABB service at: https://new.abb.com/contact-centersInformation about ABB's cybersecurity program and capabilities can be found at: http://www.abb.com/cybersecurity
• For more information, see ABB's security advisory 8VZZ002158.

Affected Vendors

Affected Products (2)

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater