Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, cause system functions to stop, and corrupt user applications.
CVEs (2)
Remediations
- ABB recommends changing the password of any user account suspected to be known by an unauthorized person. ABB also recommends disabling interactive logon (both local and remote) for the service account.
- The vulnerabilities in the OPC Server for AC 800M were corrected in System 800xA 6.1.
- In the Control Builder M Professional, MMS Server for AC 800M, Base Software for SoftControl and ABB System 800xA Base, the vulnerabilities will be corrected in future releases of System 800xA. These vulnerabilities are planned to be corrected in the next release on the 6.0.3 LTS track following 6.0.3.3.
- Note that these vulnerabilities can only be exploited by authenticated users, so users are advised to ensure that only authorized persons have access to user accounts in System 800xA.
- For more information please refer to ABB's Cybersecurity Advisory.
Affected Vendors
ABB
Affected Products (5)
- ABB · MMS Server for AC 800M <= 6.1
- ABB · OPC Server for AC 800M <= 6.0
- ABB · ABB System 800xA Base <= 6.1
- ABB · Control Builder M Professional <= 6.1
- ABB · Base Software for SoftControl <= 6.1
Affected Sectors
Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater Systems