ABB Arctic ARG600, ARC600, ARR600, ARP600 Arctic Wireless Gateway Modem Module and OpenSSH vulnerabilities

Act Now8.12nga002427Apr 7, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

ABB Arctic ARG600, ARC600, ARR600, and ARP600 wireless gateway modem modules contain two classes of vulnerabilities. The Telit PLS62-W modem module has a vulnerability that allows arbitrary code execution without authentication, potentially enabling denial of service or interception of unencrypted traffic. Additionally, an OpenSSH vulnerability in the gateway firmware allows arbitrary code execution with elevated privileges, which could stop the device, render it inaccessible, or allow full device takeover. The modem module vulnerability affects all versions of these products. The OpenSSH vulnerability affects firmware versions 3.4.10 through 3.4.13. ABB has transitioned these products to Limited support status and will not provide security patches.

What this means

What could happen

An attacker could execute arbitrary code on the wireless modem or the gateway itself, potentially intercepting unencrypted communications, disrupting tunnel operations, or taking control of the device. This could impact rail signaling, crossing controls, or wayside systems that rely on these gateways for remote connectivity.

Who's at risk

This affects transportation operators (rail, transit authorities) who use ABB Arctic wireless gateways for remote monitoring and control of signaling, crossing systems, or wayside equipment. Any organization using ARG600, ARC600, ARR600, or ARP600 gateways, especially those running firmware 3.4.10 through 3.4.13, is at risk.

How it could be exploited

An attacker with network access to the gateway could exploit the modem module vulnerability to run code in the wireless subsystem, or exploit the OpenSSH vulnerability to gain privileged access to the main device. The modem vulnerability could allow interception of unencrypted traffic between the modem and the gateway; the OpenSSH flaw could give an attacker full control of the device.

Prerequisites

Network access to the gateway (port 22 for SSH, or wireless interface connectivity)
No authentication required for modem module vulnerability
Valid SSH credentials for OpenSSH exploitation

remotely exploitableno authentication required for modem vulnerabilityno patch availablehigh EPSS score (57.6%)end-of-life product

Exploitability

High exploit probability (EPSS 57.6%)

Affected products (7)

7 EOL

ProductAffected VersionsFix Status

Arctic Wireless Gateway ARG600 with Telit PLS62-W wireless modem module.All versionsNo fix (EOL)

Arctic Wireless Gateway ARC600 with Telit PLS62-W wireless modem module.All versionsNo fix (EOL)

Arctic Wireless Gateway ARR600 with Telit PLS62-W wireless modem module.All versionsNo fix (EOL)

Arctic ARG600 with firmware version>=3.4.10 to <=3.4.13≥ 3.4.10|≤ 3.4.13No fix (EOL)

Arctic ARC600 with firmware version>=3.4.10 to <=3.4.13≥ 3.4.10|≤ 3.4.13No fix (EOL)

Arctic ARR600 with firmware version>=3.4.10 to <=3.4.13≥ 3.4.10|≤ 3.4.13No fix (EOL)

Arctic ARP600 with firmware version>=3.4.10 to <=3.4.13≥ 3.4.10|≤ 3.4.13No fix (EOL)

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDRestrict network access to the gateway: implement firewall rules to allow SSH (port 22) only from authorized engineering workstations on your management network

WORKAROUNDDisable SSH service on the gateway if remote management is not required

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXIf possible, apply firmware updates beyond version 3.4.13 when available from ABB

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: Arctic Wireless Gateway ARG600 with Telit PLS62-W wireless modem module., Arctic Wireless Gateway ARC600 with Telit PLS62-W wireless modem module., Arctic Wireless Gateway ARR600 with Telit PLS62-W wireless modem module., Arctic ARG600 with firmware version>=3.4.10 to <=3.4.13, Arctic ARC600 with firmware version>=3.4.10 to <=3.4.13, Arctic ARR600 with firmware version>=3.4.10 to <=3.4.13, Arctic ARP600 with firmware version>=3.4.10 to <=3.4.13. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate the wireless gateway on a dedicated VLAN separate from production control systems

HARDENINGMonitor and log all connections to the gateway; alert on unauthorized access attempts

HARDENINGEvaluate replacing these end-of-life products with supported alternatives as part of long-term infrastructure modernization

CVEs (8)

CVE-2023-47610 CVE-2023-47611 CVE-2023-47612 CVE-2023-47613 CVE-2023-47614 CVE-2023-47615 CVE-2023-47616 CVE-2024-6387

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/84cb349c-2ef9-460b-b4d9-f8b606747689