ABB System 800xA Information Manager

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server.

CVEs (1)

Remediations

• This vulnerability was corrected in System 800xA of the following versions: 5.1 Rev E/5.1 FP4 E TC6, ABB recommends users on the 5.1 track to install this TC, which can be obtained from technical support upon request.
• This vulnerability was corrected in System 800xA of the following versions: 6.0.3.3 RU1, ABB recommends users on the 6.0.3 LTS track to update 6.0.3.3 and install RU1 for IM.
• This vulnerability was corrected in System 800xA of the following versions: 6.1 RU1, ABB recommends users on the 6.1 track to update to this version.
• The above-mentioned updates are recommended regardless of whether the previously described manual removal of the vulnerable component has been done or not. The IM rollups for 6.0.3.3 and 6.1 can be downloaded from My ABB/My Control System.
• Please note this vulnerability can be exploited by remote and unauthenticated users, so users are recommended to ensure only authorized persons have access to plant assets and network and that web browsing from system nodes to external networks is restricted, especially from an IM node.
• Check that the usage of the Access Enable key in AC 800M HI and the configured access level of SIL variables corresponds to the risk analysis.
• Successful exploitation of this vulnerability requires luring a user to a malicious website. Recommended baseline security practices and firewall configurations can help protect a network and its attached devices from attacks that originate from outside the network.
• Recommended baseline security practices and firewall configurations can help protect a network and its attached devices from attacks that originate from outside the network. For example, common practices are for process control systems to be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that must be evaluated case by case.
• Process control and automation systems should not be used for general business functions (e.g., Internet browsing, email, etc.) that are not critical industrial processes. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
• Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system with a minimal number of ports exposed. For more information please refer to ABB's Cybersecurity Advisory.

Affected Vendors

Affected Products (3)