Risk Summary
ABB became aware of severe vulnerability in the products versions listed as affected in the advisory, if the optional integration with Azure Active Directory for Single-Sign On is enabled. We have not received any reports of this vulnerability being exploited. An attacker who successfully exploits this vulnerability could bypass user authentication and potentially cause the product to: - Shutdown the system, - Modify the configuration of the system, - Install and run arbitrary code
CVEs (1)
Remediations
- The problem is corrected in the following product versions: - ABB Ability OPTIMAX v6.4.1-251120 (see References 9AKK108472A0435) or later - ABB Ability OPTIMAX v6.3.1-251120 (see References 9AKK108472A0437) or later ABB recommends that customers using earlier versions of OPTIMAX v6.4 and OPTIMAX v6.3 apply an update of the operating system at earliest convenience. Customers still using the meanwhile unsupported OPTIMAX v6.2 or v6.1 shall contact ABB to identify the right way forward.
- Exploitation requires three preconditions: - OPTIMAX is configured to integrate with Azure Active Directory, - An attacker has a network communication channel with OPTIMAX, - An attacker knows a valid username on the OPTIMAX system other than the default username. Refer to section “General security recommendations” for further advise on how to keep your system secure.
Affected Vendors
ABB
Affected Products (6)
ABB
·
6.1
vers:all/*
ABB
·
6.2
vers:all/*
ABB
·
6.3
<6.3.1-251120
ABB
·
6.3
6.3.1-251120
ABB
·
6.4
<6.4.1-251120
ABB
·
6.4
6.4.1-251120
Affected Sectors
Energy, Water and Wastewater
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more