30 April 2020

Multiple vulnerabilities in ABB 800xA DCS

Multiple vulnerabilities have been identified in the ABB 800xA distributed control system (DCS) and related products. The vulnerabilities could allow an attacker to gain remote access to ABB 800xA hosts, elevate privileges on these hosts or cause denial-of-service conditions.

In addition to the ABB 800xA DCS, vulnerable products include OPC Server and MMS Server, Compact HMI, 800xA Batch Management (an application software package), Control Builder (engineering software) and the 800xA RNRP protocol.

The issues identified include:

  • Remote Code Execution (CVE-2020-8477), associated with a vulnerability in the Information Manager component, for which a CVSS v.3 base score of 8.8 has been calculated. To exploit the vulnerability, an attacker needs to lure the user to a malicious website.
  • XXE-vulnerability (CVE-2020-8479) associated with a flaw in the Central Licensing System component. The CVSS  v.3 base score calculated for this vulnerability is 8.2.
  • Privilege Escalation Through Weak Registry Key Permissions (CVE-2020-8474) and Privilege Escalation Through Weak File Permissions (CVE-020-8472, CVE-2020-8473, CVE-2020-8471). The severity score calculated for each of these vulnerabilities is 7.8.
  • DoS vulnerability (CVE-2020-8475), with a CVSS v.3 base score of 7.5.
  • Privilege Escalation Through Weak Kernel Object Permissions (CVE-2020-8478, CVE-2020-8484, CVE-2020-8485, CVE-2020-8486, CVE-2020-8487, CVE-2020-8488, CVE-2020-8489). The CVSS v.3 base score calculated for each of these vulnerabilities is 7.0.
  • Sensitive information in log files (CVE-2020-8481). The CVSS v.3 base score calculated for this vulnerability is 7.0.
  • License Server Exposed Remotely Without Authentication (CVE-2020-8476). The severity score of this vulnerability on the CVSS v.3 scale is 5.3.

The vendor has released fixes for some of the solutions and is developing updates for the remaining products.

Sources: Applied Risk, ABB