ICSA-26-120-03 · Published 2026-04-30
ABB Edgenius Management Portal
CVSS 9.6
CRITICAL
Risk Summary
ABB identified a critical vulnerability present in ABB Ability Edgenius starting from version 3.2.0.0. We have not received any reports of this vulnerability being exploited. On systems running the vulnerable versions of ABB Ability Edgenius, including 3.2.0.0 through 3.2.1.1, an unauthenticated attacker could exploit this vulnerability to:
- install and run arbitrary code,
- uninstall installed applications,
- modify the configuration of installed applications.
CVEs (1)
Remediations
- ABB has prepared an update to fix this vulnerability included in the latest Roll-Up, ABB Ability Edgenius version 3.2.2.0. ABB advises customers to upgrade as soon as possible. Until the upgrade is applied, ABB advises customers to disable the Edgenius Management Portal to mitigate the vulnerability.
- Exploitation requires that an attacker has gained access to the network where Edgenius is deployed and that the Edgenius Management Portal is running. Refer to section “General security recommendations” for further advice on how to keep your system secure.
- Workarounds are specific measures that a user can take to help block an attack. For example, temporarily disabling the vulnerable feature may remove the exposure, with a well-known impact on functionality. ABB has tested the following workaround.
Affected Vendors
ABB
Affected Products (3)
- ABB · Ability Edgenius 3.2.0.0
- ABB · Ability Edgenius 3.2.2.0
- ABB · Ability Edgenius 3.2.1.1
Affected Sectors
Critical Manufacturing, Information Technology