← Back to home
ICSA-23-068-03  ·  Published 2023-04-03  ·  View on CISA ICS-CERT ↗

ABB Ability Symphony Plus

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an unauthorized client to connect to the S+ Operations servers (human machine interface (HMI) network), to act as a legitimate S+ Operations client.

CVEs (1)

Remediations

  • ABB advises all users to review their installations to determine if they are using an impacted product as listed above. End users should immediately apply the mitigations listed below to restrict or prevent an attacker’s ability to compromise these systems.
  • S+ Operations 3.3 SP2 (part of SPR2 2023.0): deploy the upcoming update for this version; planned release within Quarter (Q) 3 2023.
  • S+ Operations 3.3 SP1 and earlier 3.x versions: deploy the upcoming update for this version; planned release within Q4 2023.
  • S+ Operations 2.2: deploy the upcoming update for this version; planned release within Q4 2023.
  • S+ Operations 2.1 SP2 and earlier 2.x versions: upgrade the system to version S+ Operations 3.3 with the updates described above to mitigate the issue completely.In addition to the updates above, ABB recommends users follow the mitigating factors as described below:
  • Follow the ABB's recommended approach of designing and deploying a secure network for industrial use, ICS Cyber Security Reference Architecture Guide, 8VZZ000368D0066—S+ Operations is not intended to be directly connected to the internet.
  • Enable host authentication and data integrity via IPsec—documented in “Symphony Plus Secure deployment guide for Windows 10 and Server 2016/2019 user manual”, 8VZZ001006T0001—to prevent an attack by an unauthorized client able to connect to the S+ Operations servers (HMI network).
  • Apply security countermeasures at host-level to mitigate the likelihood of an attack to the S+ Operations client machine, like hardening practices and use of malware prevention solutions—see section “What is the scope of the vulnerability?For more information, see ABB's cybersecurity advisory.

Affected Vendors

ABB

Affected Products (4)

ABB · S+ Operations 3.3 SP2 (part of SPR1 2023.0)
ABB · S+ Operations < 3.3 SP1 3.x
ABB · S+ Operations 2.2
ABB · S+ Operations < 2.1 SP2

Affected Sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more