ICSA-25-100-09 · Published 2025-04-07
ABB Arctic Wireless Gateways
CVSS 8.1 (HIGH)
CVEs (8)
Remediations
The following mitigations can be considered:
- Obtain a private cellular access point to limit the impact of any potential exploit. Contact your cellular provider for availability.
- Mitigate the cellular module vulnerabilities by contacting the mobile network operator and requesting that binary SMS be disabled for your mobile subscription.
  - Note that the binary SMS service is often disabled by default based on operator restrictions.
  - If SMS services are not used in the solution, consider disabling them completely.
- Establish remote connections through OpenVPN. If the SSH protocol is used for remote administration of the Arctic wireless gateway, consider logging in to the wireless gateway through an OpenVPN tunnel.
- Do not expose the SSH port to public networks. Keeping the SSH port closed to public networks limits the number of potential attackers who can attempt to exploit the vulnerability. This way, only devices within your private network or those connected through a secure VPN can access the SSH server.
- Restrict physical access to the product.

Refer to the section "General security recommendations" for further advice on how to keep your system secure.
Affected Vendors
ABB
Affected Products (4)
- ABB · ARG600
- ABB · ARC600
- ABB · ARR600
- ABB · ARP600
Affected Sectors
Energy