ELSB/Home Solutions Outdated SW Components in ABB Welcome IP-Gateway.

Act Now9.89akk108470a8948May 29, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ABB Welcome IP-Gateway contains use-after-free vulnerabilities (CWE-416) in outdated software components integrated into the gateway firmware. An attacker with network access to an unprotected gateway could execute arbitrary code and potentially compromise the confidentiality, integrity, and availability of automation data and gateway operations. ABB emphasizes that the gateway IP address must not be accessible from the Internet or other untrusted networks and should be operated behind a firewall. Firmware versions 6.20 and earlier are affected. The vulnerabilities were identified through analysis of 2518 reported CVEs in embedded components; 7 high-severity, 34 medium-severity, and 403 low-severity CVEs in integrated software components were confirmed to impact the gateway.

What this means

What could happen

An attacker with network access to an unprotected Welcome IP-Gateway could execute arbitrary code, potentially compromising plant automation data, log integrity, and gateway availability. This could disrupt building automation systems that rely on the gateway for remote management and monitoring.

Who's at risk

Building automation operators and integrators using ABB Welcome IP-Gateway products, particularly facilities with remote monitoring, maintenance access, or gateway devices previously exposed to untrusted networks. Impacts ELSB/Home Solutions automation infrastructure that depends on the gateway for remote management.

How it could be exploited

An attacker on the network sends a crafted request to the Welcome IP-Gateway that exploits a use-after-free vulnerability (CWE-416) in outdated software components embedded in the gateway firmware. No authentication is required. If successful, the attacker executes arbitrary code with the same privileges as the gateway process, potentially gaining control of automation logic.

Prerequisites

Network access to the Welcome IP-Gateway IP address
Gateway exposed to an untrusted network (accessible from outside the firewall, not behind a firewall protecting it)
Gateway firmware version 6.20 or earlier

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects critical automation systemsno fix available for MDRC variant

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (3)

2 with fix1 pending

ProductAffected VersionsFix Status

Welcome IP-Gateway Firmware≤ 6.206.25

Welcome IP-Gateway MDRC Firmware≤ 6.20No fix yet

Welcome IP-Gateway Welcome M Firmware≤ 6.206.25

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDImplement firewall rules to restrict inbound connections to Welcome IP-Gateway; ensure the gateway is not directly accessible from the Internet or untrusted networks

HARDENINGConfigure the gateway to initiate outbound connections to the Internet Service Provider; block all unsolicited inbound traffic

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Welcome IP-Gateway and Welcome IP-Gateway Welcome M firmware to version 6.25 or later

CVEs (2)

CVE-2024-56601 CVE-2023-6932

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/68c4126e-1280-46aa-93c1-cc8940982979