OTPulse
FeedAboutContact

ABB DataManagerPro Credential Management Vulnerability

Monitor7.2ICS-CERT ICSA-16-259-02Jun 19, 2016
Attack VectorLocal
Auth RequiredHigh
ComplexityHigh
User InteractionRequired
Summary

ABB DataManagerPro versions 1.0.0 through 1.6.x contain a credential management vulnerability (CWE-427) that allows an attacker with local access to an engineering workstation to extract improperly secured credentials. The vulnerability affects the secure storage of passwords and configuration data used to manage ABB industrial control equipment. CVSS score 7.2 indicates high impact on confidentiality and integrity. No vendor patch is available for affected versions.

What this means
What could happen
An attacker with local access to an engineering workstation running DataManagerPro could exploit insecure credential storage to obtain sensitive system passwords or configuration data, potentially allowing unauthorized access to critical infrastructure control systems.
Who's at risk
Water authorities, electric utilities, and other industrial operators using ABB DataManagerPro to manage SCADA systems, PLCs, RTUs, or other networked control equipment should implement access controls on engineering workstations to reduce credential exposure risk.
How it could be exploited
An attacker with physical or local network access to a DataManagerPro engineering workstation would exploit the credential management vulnerability to extract plaintext or weakly encrypted credentials stored by the application. These credentials could then be used to access ABB control systems or connected industrial equipment.
Prerequisites
  • Local or physical access to engineering workstation running DataManagerPro
  • ABB DataManagerPro version 1.0.0 through 1.6.x installed
  • Credentials stored in DataManagerPro (typical in operational environments)
No patch availableAffects engineering workstations with access to control systemsCredential theft could enable unauthorized system modificationsLocal/physical access required but common in operational environments
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
DataManagerPro: >=1.0.0|<1.7.0≥ 1.0.0|<1.7.0No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGRestrict physical and local network access to engineering workstations running DataManagerPro to authorized personnel only
HARDENINGAudit all credentials stored within DataManagerPro and rotate any that may have been exposed or are stored insecurely
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HARDENINGImplement host-based access controls and monitor for unauthorized access attempts to DataManagerPro workstations
HARDENINGSegregate engineering workstations onto a protected network segment with firewall rules limiting lateral movement to control systems
WORKAROUNDDisable or remove DataManagerPro if it is no longer actively used in operations
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/888198c5-6549-489e-a4d0-b0dcbaf6788d
ABB DataManagerPro Credential Management Vulnerability | CVSS 7.2 - OTPulse