ABB PCM600 Vulnerabilities
Monitor | 4.6 | ICS-CERT ICSA-16-152-02 | Mar 4, 2016
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
ABB PCM600 station engineering software versions 2.6 and earlier contain improper authentication and credential storage vulnerabilities (CWE-916, CWE-522). These issues could allow a local attacker with valid credentials to read sensitive configuration data or cause the application to malfunction. No patch is available from the vendor.
What this means
What could happen
An attacker with local access and valid credentials could read sensitive configuration or engineering data from the PCM600 station engineering software, or potentially cause the application to malfunction and interrupt engineering workflows.
Who's at risk
ABB power system asset owners and utilities using PCM600 software for station configuration and control. This affects engineering and planning staff who work with PCM600 on their workstations to manage electrical substation settings and parameters.
How it could be exploited
An attacker must first gain local access to a computer where PCM600 is installed and have valid user credentials. Once logged in, the attacker can exploit an improper authentication or credential storage issue to access sensitive information or cause a denial of service to the engineering application.
Prerequisites
- Local access to the engineering workstation running PCM600
- Valid user credentials on the PCM600 system or Windows account
- PCM600 version 2.6 or earlier
no patch available | requires local access and credentials
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
PCM600: <=2.6 | ≤ 2.6 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Monitor for unusual access attempts or data exfiltration from PCM600 engineering workstations
Mitigations - no patch available
PCM600: <=2.6 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement strict access controls on engineering workstations running PCM600; limit who can log in locally and restrict physical access to these machines
HARDENING: Enforce strong password policies for all user accounts on PCM600 systems
HARDENING: Isolate PCM600 engineering workstations from general corporate networks using network segmentation or air-gapping where possible