ABB is currently investigating an improper input validation vulnerability and recommends users follow certain guidelines until a corrected version is available for its Panel Builder 800, according to a report with NCCIC.
An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file.
Michael DePlante of Leahy Center and Michael Flanders of Trend Micro, both working with Trend Micro’s Zero Day Initiative, reported this vulnerability to ABB, which then reported it to NCCIC.
An engineering tool for the process panels included in the product suite Panel 800, all version of Panel Builder 800 suffer from the vulnerability.
An improper input validation vulnerability has been identified, which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
CVE-2018-10616 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.0.
The product sees action in the chemical, critical manufacturing, energy, dams, water and wastewater, and food and agriculture sectors. It also sees use on a global basis.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. High skill level is needed to exploit.
Switzerland-based ABB is currently investigating this vulnerability and recommends users follow these suggestions until a corrected version is available.
Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network.
Such practices include:
1. Conduct or reinforce cybersecurity awareness training for users of Panel Builder 800:
• Describing general cybersecurity best practice recommendations for industrial control systems
• Informing that it is possible to infect Panel Builder files with malware
• Describing the importance of being careful with files that are received unexpectedly and/or from unexpected sources
2. Carefully inspecting any files transferred between computers, including scanning them with up-to-date antivirus software, so that only the legitimate files are being transferred.
3. User account management, appropriate authentication and permission management using the principle of least privilege.
See the following cybersecurity advisory on the ABB website for more information.