ICSA-26-155-03  ·  Published 2026-06-04  ·  View on CISA ICS-CERT ↗

B&R PPT30 Operating System

CVSS 7.5 HIGH

Risk Summary

B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible.

CVEs (1)

Remediations

  • The problem is corrected in the following product version: PPT30 Operating System 1.8.0. The OPC-UA server is not activated by default. B&R recommends that customers with the OPC-UA server enabled install the update at their earliest opportunity. The process for installing updates and the step for identifying the installed product version are described in the user manual.
  • The optional OPC-UA server is not activated by default and shall only be activated if required. PPT30 products are intended to operate at Levels 1 and 2 of the ABB ICS Cyber Security Reference Architecture. To restrict access to the OPC-UA server exclusively to trusted IP addresses, configure the South Firewall and/or the Control Network Firewall accordingly, and properly segment the network where the PPT30 operates. Additionally, ensure that the physical network interfaces assigned to the same logical network as the PPT30 are accessible only to authorized personnel. Refer to the section “General security recommendations” for further advice on how to keep your system secure.

Affected Vendors

B&R Industrial Automation GmbH

Affected Products (2)

B&R Industrial Automation GmbH · PPT30 Operating System <1.8.0
B&R Industrial Automation GmbH · PPT30 Operating System 1.8.0

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater
