CVEs (15)
Remediations
- ABB recommends that customers update the affected products as soon as possible to the latest firmware, i.e. LAAAB v. 5.07 and higher. ABB has addressed the CODESYS Runtime System vulnerabilities by disabling the IEC online programming communication by default. As a result, CODESYS communication between affected products and the ABB Automation Builder or ABB Drive Application Builder tools is disabled. The CODESYS application continues to run on the drive. If communication with the CODESYS RTS is needed, for example to debug the CODESYS application, it can be enabled through the drive parameter configuration: open the user lock via the "96.02 Pass code" parameter and make sure that bit 9 "Enable online IEC programming" is set to TRUE in the "96.102 User lock functionality" parameter. IMPORTANT: After this task, be sure to disable CODESYS communication by setting the bit back to FALSE. A future firmware update is planned to update the CODESYS RTS library, which will further strengthen defenses against the vulnerabilities mentioned above. For situations where a firmware update is not feasible, please refer to the “Workarounds” section.
Affected Vendors
ABB
Affected Products (6)
- ABB · ACS6080: >=LAAAA_2.10.0|<LAAAB_5.06.1
- ABB · ACS6080: LAAAB_5.07
- ABB · ACS5000: >=LAAAB_4.03.0|<LAAAB_5.06.1
- ABB · ACS5000: LAAAB_5.07
- ABB · ACS6000: >=LAAAA_2.10.0|<LAAAB_5.06.1
- ABB · ACS6000: LAAAB_5.07
Affected Sectors
Critical Manufacturing