OTPulse

ABB MV Drives Affected by CODESYS RTS (Runtime System) Vulnerabilities

Plan Patch | CVSS 8.8 | 9akk108470a9989 | Apr 10, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in the CODESYS Runtime System (v3.5.15.0) embedded in ABB MV Drives (ACS6080, ACS5000, ACS6000) can cause out-of-bounds memory access. Successful exploitation may result in denial-of-service or arbitrary code execution on the drive. The vulnerabilities affect firmware versions 2.10.0 through 5.06.1 across the three affected product lines.

What this means
What could happen
An attacker could crash a drive (stopping operation) or run arbitrary code on it, potentially altering process parameters, disabling safeties, or causing uncontrolled equipment behavior in your medium-voltage installations. This directly affects availability and integrity of motor control systems.
Who's at risk
This affects operators and engineers managing ABB medium-voltage variable frequency drives (ACS6080, ACS5000, ACS6000) used in motor control applications at water authorities, utilities, and industrial facilities. Anyone running firmware versions 2.10.0 through 5.06.1 on these drives is at risk.
How it could be exploited
An attacker with network access to an ACS drive and valid engineering credentials could enable the CODESYS IEC online programming interface (disabled by default in the patched version) and then exploit an out-of-bounds memory vulnerability to crash the device or execute arbitrary code. The attack requires local network access and authentication.
Prerequisites
  • Network access to the affected ACS drive over the management/engineering interface
  • Valid engineering workstation or drive parameter configuration credentials
  • CODESYS online programming communication enabled on the drive (disabled by default in current firmware)
  • Remotely exploitable
  • Requires valid credentials (medium complexity)
  • High CVSS score (8.8)
  • Affects motor control/operational safety systems
  • Out-of-bounds memory access can lead to DoS or code execution
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (3)
3 with fix

Product            Affected Versions      Fix Status
ACS6080 Firmware   ≥ 2.10.0 | ≤ 5.06.1    5.07
ACS5000 Firmware   ≥ 4.03.0 | ≤ 5.06.1    5.07
ACS6000 Firmware   ≥ 2.10.0 | ≤ 5.06.1    5.07
Remediation & Mitigation
Do now
HARDENING: Verify CODESYS online IEC programming is disabled by default (bit 9 in parameter 96.102 set to FALSE)
WORKAROUND: If online CODESYS communication is needed for debugging, enable it only when necessary via parameters 96.02 and 96.102, then disable it again (set bit 9 to FALSE) immediately after use
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ACS6080, ACS5000, and ACS6000 drives to firmware version 5.07 or later
Long-term hardening
HARDENING: Restrict network access to drive management interfaces using firewall rules and network segmentation
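
The version table and the bit 9 check above, applied to a drive inventory. This is an added example, not code from ABB, CODESYS or OTPulse. It assumes version fields compare as integers ("5.06.1" as 5.6.1), that parameter 96.102 is recorded as an integer with bit 0 as the least significant bit, and that the inventory rows are constructed sample data.

```python
# Added example: triage a drive inventory against this advisory.
# Assumptions (not from ABB): version fields compare as integers, parameter
# 96.102 is recorded as an integer bit field with bit 0 = least significant
# bit, and the inventory rows below are constructed sample data.

AFFECTED = {  # product -> (first affected, last affected), from the advisory table
    "ACS6080": ("2.10.0", "5.06.1"),
    "ACS5000": ("4.03.0", "5.06.1"),
    "ACS6000": ("2.10.0", "5.06.1"),
}
FIXED_IN = "5.07"
ONLINE_IEC_BIT = 9  # bit 9 of parameter 96.102 must be FALSE


def ver(text):
    """Parse a dotted firmware version into a tuple of ints for comparison."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(product, firmware, param_96_102):
    """Return (status, actions) for one drive."""
    actions = []
    if product not in AFFECTED:
        return "not-listed", actions
    low, high = AFFECTED[product]
    fw = ver(firmware)
    if ver(low) <= fw <= ver(high):
        status = "affected"
        actions.append(f"schedule update to firmware {FIXED_IN} or later")
    elif fw >= ver(FIXED_IN):
        status = "fixed"
    else:
        status = "outside-listed-range"  # older than, or between, listed versions
    if param_96_102 & (1 << ONLINE_IEC_BIT):
        actions.append("set bit 9 of parameter 96.102 to FALSE")
    return status, actions


INVENTORY = [  # constructed rows: (tag, product, firmware, value of 96.102)
    ("pump-vfd-01", "ACS6080", "5.06.1", 0x0200),
    ("mill-vfd-02", "ACS5000", "4.02.9", 0x0000),
    ("fan-vfd-03", "ACS6000", "5.07", 0x0201),
]

if __name__ == "__main__":
    for tag, product, firmware, p96102 in INVENTORY:
        status, actions = assess(product, firmware, p96102)
        print(f"{tag:12} {product} {firmware:7} {status:21} {'; '.join(actions) or 'no action'}")
```

A drive on 5.07 with bit 9 still set is reported as fixed but flagged, since the hardening step applies regardless of firmware level.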