PCM600 SharpZip library vulnerability

Monitor | CVSS 4.4 | 2nga002813 | Nov 3, 2025
ABB
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary

PCM600 (Protection and Control IED Manager) versions 1.5 through 2.13 contain a path traversal vulnerability in the bundled SharpZip library. An attacker with local access who can convince a user to open a malicious archive file could write arbitrary files to the system and execute code with the privileges of the application user. This could compromise the integrity of relay configurations and engineering data. The issue is resolved in version 2.14, though that version is incompatible with RE_630 protection relays.

What this means
What could happen
An attacker with local access to a PCM600 workstation could exploit a path traversal flaw in the SharpZip library to write arbitrary files and execute code, potentially compromising engineering data and control logic for protection relays.
Who's at risk
Engineering and maintenance teams managing ABB protection relays and IED devices through PCM600 should prioritize this update. The vulnerability affects anyone using PCM600 versions 1.5 through 2.13 to configure, monitor, or update protection relays in power systems, substations, and industrial control environments. Organizations using RE_630 relays face a compatibility constraint that may delay patching.
How it could be exploited
An attacker with local access to the PCM600 management workstation could craft a malicious archive file that, when processed by the vulnerable SharpZip library, bypasses directory restrictions and writes code to executable locations. The attacker would need to trick a user into opening the archive (requires user interaction) or place it in a location the application automatically processes.
Prerequisites
  • Local access to the PCM600 workstation
  • Low privilege user account on the workstation
  • User interaction to open a malicious archive file OR automatic processing of archives from an attacker-controlled source
  • PCM600 version 1.5 through 2.13 installed
Local attack vector required | Low complexity exploitation | User interaction required | High impact to integrity (arbitrary code execution) | Affects engineering/configuration tools
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (1)
Product: Protection and Control IED manager PCM600
Affected Versions: ≥ 1.5 | ≤ 2.13
Fix Status: 2.14
Remediation & Mitigation
Do now
WORKAROUND: Disable or restrict the ability for users to open untrusted archive files on PCM600 workstations through file association controls or application whitelisting
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PCM600 to version 2.14 or later
Long-term hardening
HARDENING: If RE_630 protection relays are in use and PCM600 cannot be updated to 2.14, restrict local access to PCM600 workstations through physical security or network-based access controls
HARDENING: Ensure PCM600 workstations are not directly accessible from untrusted networks; isolate them on a dedicated engineering network segment
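
An added example, not part of the advisory and not ABB's code: a pre-screening check that lists archive entries whose names would resolve outside the extraction folder, which is the path traversal condition described under "How it could be exploited". It assumes the archive is a ZIP file (the advisory does not name the format); the folder `C:\extract` and all function names are hypothetical, and the sample archive is constructed in memory.

```python
import io
import ntpath
import zipfile

TARGET_DIR = r"C:\extract"  # hypothetical extraction folder (assumption)


def escapes_target(entry_name: str, target_dir: str = TARGET_DIR) -> bool:
    """Return True if entry_name would resolve outside target_dir.

    Paths are evaluated with Windows rules (ntpath) on any host OS,
    because PCM600 workstations run Windows.
    """
    name = entry_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        return True  # drive-qualified, UNC, or rooted entry name
    base = ntpath.normcase(ntpath.normpath(target_dir))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, name)))
    # Compare with a trailing separator so C:\extract2 is not taken for C:\extract.
    return not (full == base or full.startswith(base + "\\"))


def scan_archive(archive, target_dir: str = TARGET_DIR) -> list[str]:
    """List entry names in a ZIP (path or file object) that escape target_dir."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist()
                if escapes_target(i.filename, target_dir)]


def constructed_sample() -> io.BytesIO:
    """Build a small in-memory ZIP with constructed entry names for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("project/relay_settings.xml",   # stays inside
                     "project/sub/../notes.txt",     # ".." but stays inside
                     "../../outside.txt",            # climbs out
                     "..\\..\\outside2.txt",         # same, Windows separators
                     "C:/Temp/abs.txt"):             # drive-qualified
            zf.writestr(name, b"constructed sample")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    flagged = scan_archive(constructed_sample())
    for entry in flagged:
        print("entry escapes extraction folder:", entry)
    print(f"{len(flagged)} entr{'y' if len(flagged) == 1 else 'ies'} flagged")
```

An empty result only means that no entry name leaves the extraction folder; it says nothing about the content of the files themselves.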