ICSA-20-154-03 · Published 2020-06-02 · View on CISA ICS-CERT ↗

ABB Multiple System 800xA Products

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to make the system node inaccessible or tamper with runtime data in the system.

CVEs (7)

CVE-2020-8478 CVE-2020-8484 CVE-2020-8485 CVE-2020-8486 CVE-2020-8487 CVE-2020-8488 CVE-2020-8489

Remediations

ABB recommends changing any user account passwords suspected to be known by an unauthorized person. ABB recommends users disable interactive logon (both local and remote) for the service account.
Please note these vulnerabilities can only be exploited by authenticated users. ABB recommendeds users ensure only authorized persons have access to user accounts in System 800xA.
ABB plans to correct these vulnerabilities in future product versions.
For more information, please refer to ABB's Cybersecurity Advisory.

Affected Vendors

ABB

Affected Products (9)

ABB · 800xA for DCI vers:all/*

ABB · 800xA Batch Management vers:all/*

ABB · 800xA Information Management vers:all/*

ABB · MMS Server for AC 800M vers:all/*

ABB · Base Software for SoftControl vers:all/*

ABB · OPC Server for AC 800M vers:all/*

ABB · 800xA RNRP vers:all/*

ABB · 800xA for MOD 300 vers:all/*

ABB · ABB System 800xA Base vers:all/*

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more