OTPulse

System 800xA 5.1.x, 6.0.3.x, 6.1.1.x, 6.2.x - VideONet Camera passwords stored in clear text

Monitor · 7.3 · 7paa012159 · Feb 10, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ABB System 800xA versions 5.1.x, 6.0.3.x, 6.1.1.x, and 6.2.x store VideONet camera passwords in clear text. An attacker with local access to a System 800xA workstation can retrieve these passwords and use them to access or disable video feeds. No updates will be released for System 800xA; ABB plans to offer migration to the new Camera Connect product as an alternative. Operator station functions, graphics, trends, and control operations are not impacted.

What this means
What could happen
An attacker with local access to a System 800xA workstation could retrieve stored VideONet camera passwords and use them to access or disable video monitoring systems, though control operations and process automation remain unaffected.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using ABB System 800xA versions 5.1.x through 6.2.x with VideONet camera management installed. This affects security monitoring and video surveillance systems in control rooms and facility monitoring, not process control systems.
How it could be exploited
An attacker with local access to the System 800xA workstation where VideONet is installed can read configuration files or memory to extract camera passwords stored in clear text. These credentials can then be used to access the VideONet system and manipulate or disable video feeds used for facility monitoring and security.
Prerequisites
  • Local access to System 800xA workstation
  • User account with local login capability
  • VideONet product installed and configured on the affected System 800xA version
no patch available · local access required but low complexity · clear text credential storage · affects security monitoring systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
1 pending, 3 EOL
Product | Affected Versions | Fix Status
System 800xA 5.1.x | 5.1.* | No fix (EOL)
System 800xA 6.1.1.x | 6.1.1.* | No fix (EOL)
System 800xA 6.0.3.x | 6.0.3.* | No fix yet
System 800xA 6.2.x | 6.2.* | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict physical and remote access to System 800xA workstations running VideONet through access controls and network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Enforce strong endpoint security practices including regular security updates to the underlying operating system and monitoring for unauthorized access attempts
Long-term hardening
WORKAROUND: Plan migration to ABB Camera Connect product as soon as it becomes available; contact ABB for timeline and migration support