ICSA-26-141-02  ·  Published 2026-05-21  ·  View on CISA ICS-CERT ↗

ABB B&R PCs

CVSS 8.3 HIGH

Risk Summary

ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerabilities. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information.

Remediations

  • The problems are corrected in the following product versions:
    - APC4100 1.09
    - APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory).
    - C80 1.14
    - MPC3100 1.24
    - PPC1200 1.14
    - PPC900 2.16
    - APC2200 1.35
    - PPC2200 1.35
    - APC3100 1.45
    - PPC3100 1.45
    B&R recommends that customers apply the update at their earliest convenience. The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.
  • Deactivate the vulnerable component - The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, which makes the vulnerabilities not exploitable.
  • Limit accessibility - If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6, for instance by blocking IPv6 network traffic on the control network firewall. https://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html
  • Refer to section “General security recommendations” for further advice on how to keep your system secure.

Affected Vendors

ABB

Affected Products (19)

ABB · APC4100 <1.09
ABB · APC4100 1.09
ABB · APC910 <=1.25
ABB · C80 <1.14
ABB · C80 1.14
ABB · MPC3100 <1.24
ABB · MPC3100 1.24
ABB · PPC1200 <1.14
ABB · PPC1200 1.14
ABB · PPC900 <2.16
ABB · PPC900 2.16
ABB · APC2200 <1.35
ABB · APC2200 1.35
ABB · PPC2200 <1.35
ABB · PPC2200 1.35
ABB · APC3100 <1.45
ABB · APC3100 1.45
ABB · PPC3100 <1.45
ABB · PPC3100 1.45
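
An added example (not part of the advisory or of ABB/B&R tooling): a Python triage of an asset inventory against the fixed versions and the APC910 no-patch entry listed above. The inventory columns, host names and installed versions are constructed, and comparing versions field by field as integers is an assumption about how these firmware versions are numbered.

```python
import csv
import io

# Fixed firmware versions, copied from the advisory's remediation list.
FIXED = {
    "APC4100": "1.09", "C80": "1.14", "MPC3100": "1.24", "PPC1200": "1.14",
    "PPC900": "2.16", "APC2200": "1.35", "PPC2200": "1.35",
    "APC3100": "1.45", "PPC3100": "1.45",
}
# No patch will be released; the advisory lists versions <= 1.25 as affected.
NO_PATCH = {"APC910": "1.25"}


def parse_version(text):
    """Assumption: versions are dotted integer fields, so '1.09' -> (1, 9)."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(model, version):
    """Return (status, action) for one device."""
    model = model.strip().upper()
    try:
        installed = parse_version(version)
    except ValueError:
        return ("unknown", "version not parseable, check the device manually")
    if model in NO_PATCH:
        if installed <= parse_version(NO_PATCH[model]):
            return ("mitigate", "no patch: disable PXE in UEFI or block IPv6 PXE traffic")
        return ("not_listed", "version not listed as affected")
    if model not in FIXED:
        return ("not_listed", "model not named in the advisory")
    if installed < parse_version(FIXED[model]):
        return ("update", f"update to {FIXED[model]}; disable PXE until then")
    return ("fixed", "no action")


def triage_inventory(csv_text):
    """Read 'host,model,version' rows and return {host: status}."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["model"], r["version"])[0] for r in rows}


# Constructed sample inventory (host names and installed versions are invented).
SAMPLE = """host,model,version
hmi-01,PPC3100,1.44
ipc-02,APC910,1.25
ipc-03,C80,1.14
hmi-04,PPC900,2.9
gw-05,EXAMPLE-GW,1.10
"""
```

Comparing the fields numerically matters for rows such as `PPC900,2.9`: a plain string comparison would rank `2.9` above `2.16` and report the device as fixed.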

Affected Sectors

Energy
