Risk Summary
ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways.
Remediations
- ABB has investigated these vulnerabilities to provide adequate protection to customers. The problem is corrected in the following product versions: T-MAC Plus version 4.0-25 ABB recommends that customers apply the update at earliest convenience.
- The misconfigurations on the IIS server, which were reported to security auditing, have been corrected. File Browsing Feature was enabled on that IIS server. That feature along with the default IIS site has been removed.
- Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.
- ABB T-MAC Plus web application supports several classes of users (e.g., Admin, Customer, Operator, etc.) with different roles. An authenticated user with low privileges (e.g., Customer) can execute administrative operations. The privileges associated to the different users have been revised and applied correctly.
- A DOM-based XSS vulnerability is present. If a malicious actor gains access to the operations network and can create or edit an existing entity, they could insert malicious JavaScript code to be executed in the web forms. New T-MAC Plus version 4.0-25 will correct the vulnerability.
- If a malicious actor gains physical access to a serial device, disables it, connects a malicious device with same IP address, and sends a specially crafted message, the service responsible for communicating with the device will be blocked until a manual restart is performed. New T-MAC Plus version 4.0-25 will correct the vulnerability.
Affected Vendors
ABB
Affected Products (2)
ABB
·
T-MAC Plus
4.0-24
ABB
·
T-MAC Plus
4.0-25
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more