System 800xA SECURITY Advisory - ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability

Monitor5.77PAA013309Jun 5, 2024

Attack VectorAdjacent

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ABB 800xA Base versions 6.0.3-9 and earlier, and 6.1.1-2 and earlier, contain a vulnerability in CSLib communication that allows an authenticated attacker on the local network to crash 800xA services and force restarts. The vulnerability affects PC-based client/server nodes only (engineering workstations and servers), not dedicated controllers. An attacker could send specially crafted CSLib protocol messages to trigger denial of service by crashing the affected service processes.

What this means

What could happen

An attacker on the local network could crash 800xA engineering workstations and servers by sending malicious CSLib messages, forcing service restarts and interrupting control system engineering or monitoring activities.

Who's at risk

Owners and operators of ABB System 800xA automation platforms using 6.0.x or 6.1.x versions should assess this impact. Primarily affects engineering departments and control center staff who depend on 800xA workstations and servers for plant monitoring, parameter changes, and system diagnostics. Does not affect dedicated controllers.

How it could be exploited

An attacker with local network access and valid engineering workstation credentials sends specially crafted CSLib protocol messages to 800xA PC-based services. The malformed messages cause the engineering client or server process to crash and automatically restart, disrupting engineering work and situational awareness.

Prerequisites

Local network access (AV:A) to the 800xA engineering workstation or server
Low-level engineering credentials (PR:L) to authenticate to CSLib communication
System 800xA 6.0.x or 6.1.x version running on PC-based client or server node

Low complexity exploitationLocal network access required (reduces exposure vs. remote)Authentication required (reduces risk for isolated deployments)Affects availability of engineering tools and operational visibilityVendor has released patches

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

800xA Base <=6.1.1-2≤ 6.1.1-26.1.1-3

800xA Base <=6.0.3-9≤ 6.0.3-96.1.1-3

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade to ABB 800xA Base 6.1.1-3 or later (System 800xA 6.1.1.2) for most deployments

HOTFIXFor 6.0.3.x users unable to upgrade immediately, apply RollUp 6.0.3-10 scheduled for September 2025

Long-term hardening

0/2

HARDENINGRestrict local network access to 800xA engineering workstations and servers to authorized engineering staff and subnets only

HARDENINGSegment the engineering network from production control devices to limit exposure if workstations are compromised

CVEs (1)

CVE-2024-3036

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/db43ca6d-1375-495f-86d5-796ccf1c6a6f