19 July 2018

Dangerous vulnerability identified in ABB Panel Builder 800 engineering software

A dangerous vulnerability has been identified in Panel Builder 800 engineering software, which runs on ABB Panel 800 HMI devices. Under certain conditions, its exploitation could enable attackers to insert and run arbitrary code on computers on which the vulnerable software is installed.

The vulnerability, which has been assigned CVE-2018-10616, is caused by improper input validation by the file parser and affects all versions of Panel Builder 800. To exploit the vulnerability, an attacker has to trick a user into opening a specially crafted file. An exploit can only be launched if a local user runs a vulnerable product and opens a specially crafted file. The vulnerability cannot be exploited remotely.

A CVSS v.3 base score of 7.0 has been calculated for the vulnerability.

ABB is investigating the issue and recommends taking the following mitigation measures until a patch is available:

  • conduct additional cybersecurity awareness training for users of Panel Builder 800, including best-practice security recommendations for industrial control systems and informing users that Panel Builder 800 files can be infected with malware;
  • carefully inspect all files transferred between computers, including scanning them with up-to-date antivirus software, and use special care when working with files received from untrusted sources;
  • implement proper user account management and use the appropriate authentication and access management procedures based on the least-privilege principle.

Sources: ICS-CERT, ABB