ICSA-20-154-04 · Published 2020-06-02
ABB Central Licensing System
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system node remotely and cause an affected CLS Server node to stop or prevent legitimate access to the affected CLS Server.
Remediations
- Upgrade ABB CLS to the following version: 5.1 Rev A (5.1.0.38)
- Upgrade ABB CLS to the following version: 5.1 Rev E (5.1.0.99)
- Upgrade ABB CLS to the following version: 6.0 (6.0.0.26)
- Upgrade ABB CLS to the following version: 6.0.3.3 (6.0.03000.192)
- Upgrade ABB CLS to the following version: 6.1 RU1 (6.1.00100.417)
- If ABB Central Licensing Server 5.1 (5.1.0.14) or earlier has been used on the currently used hardware, please contact ABB for further assistance.
- Methods for preventing unauthorized access to nodes on the CLS network include, but are not limited to, using IPSec and separating the Client Server Network from other networks with firewalls.
- Ensure only authorized individuals have access to user accounts on the system nodes.
- Interactive login to service accounts should be blocked.
- For more information, please see ABB's cybersecurity advisory.
- Vulnerabilities pertaining to CVE-2020-8475 and CVE-2020-8476 will be corrected in future product versions. Updates will be added to this advisory once they become available.
Affected Vendors
ABB
Affected Products (16)
- ABB · AdvaBuild: 3.7 SP1 | 3.7 SP2
- ABB · ABB Ability System 800xA / Advant OCS Control Builder A: 1.3 | 1.4
- ABB · ABB Ability System 800xA and related system extensions: 5.1 | 6.0 | 6.1
- ABB · ABB Ability Manufacturing Operations Management: 1812 | 1909
- ABB · Harmony OPC Server (HAOPC): 6.0 | 6.1 | 7.0
- ABB · Advant OCS AC 100 OPC Server: 5.1 | 6.0 | 6.1
- ABB · OPC Data Link: 2.1 | 2.2
- ABB · Composer Harmony: 5.1 | 6.0 | 6.1
- ABB · ABB Ability Symphony Plus - S+ Engineering: >= 1.1 | <= 2.2
- ABB · OPC Server MOD 300 (non-800xA): 1.4
- ABB · ABB Ability Knowledge Manager: 8.0 | 9.0 | 9.1
- ABB · Composer CTK: 6.1 | 6.2
- ABB · Control Builder Safe: 1.0 | 1.1 | 2.0
- ABB · Composer Melody (incl. SPE for Melody 1.0 SPx): 5.3 | 6.1 | 6.2 | 6.3
- ABB · ABB Ability Symphony Plus - S+ Operations: >= 3.0 | <= 3.2
- ABB · Compact HMI: 5.1 | 6.0
Affected Sectors
Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater