Your one-stop web resource providing safety and security information to manufacturers

ABB has a mitigation plan to handle an improper authentication vulnerability in its CMS-770, according to a report with NCCIC.

Successful exploitation of this vulnerability, discovered by Maxim Rupp (RuppIT), may allow an attacker to read sensitive configuration files that may lead to code execution on the device.

RELATED STORIES
Siemens Fixes TIM 1531 IRC Module Hole
3S-Smart Software Fixes CODESYS V3 Line
3S-Smart Software Fixes CODESYS Control Issue
Advantech Fixes WebAccess/SCADA Hole

CMS-770: Software Versions 1.7.1 and prior from the ABB and Busch-Jaeger brands. The vulnerability is exploitable from an adjacent network.

An attacker can read sensitive configuration files by bypassing the user authentication mechanism.

Cyber Security

CVE-2018-17928 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

The product sees use in multiple manufacturing sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

ABB recommends installing the device in accordance with the latest instructions from the updated technical manual. For additional information, refer to ABB’s security notification ABBVU-EPBP-R-5673 and the product user manual.

Pin It on Pinterest

Share This