ABB FOX515T
Monitor · 6.2 · ICS-CERT ICSA-17-304-01 · Oct 31, 2017
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in ABB FOX515T release 1.0 allows unauthorized reading of sensitive configuration data and credentials without authentication. The vulnerability is classified as an improper input validation issue (CWE-20). An attacker with local or isolated network access can extract sensitive information stored on the device. No patch is available from the vendor for this product.
What this means
What could happen
An attacker with physical or local network access to the ABB FOX515T could read sensitive configuration data and credentials stored on the device, potentially allowing further unauthorized access to connected industrial systems.
Who's at risk
Water utilities, municipal electric systems, and other industrial facilities using ABB FOX515T programmable controllers for process automation, valve control, or motor management functions. The FOX515T is commonly deployed in HVAC systems, water treatment, and small industrial automation applications.
How it could be exploited
An attacker would need to connect to the FOX515T via local network access or physical access to the device. The vulnerability allows reading sensitive data (likely configuration files or memory) without requiring authentication, enabling the attacker to extract credentials or operational parameters used elsewhere in the system.
Prerequisites
- Local or isolated network access to the FOX515T device
- Physical access to the device or connection to the local network segment where FOX515T operates
- No authentication required
No authentication required · Low complexity attack · No patch available · Local network access sufficient · Sensitive data exposure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
FOX515T: release 1.0 | 1.0 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to limit connections to the FOX515T to only necessary engineering and control workstations
WORKAROUND: Change all credentials on systems that interface with the FOX515T, assuming any stored credentials may be compromised
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Restrict physical and network access to the FOX515T device using locks, cable management, and network segmentation
HARDENING: Monitor network traffic to and from the FOX515T for suspicious access patterns or data exfiltration
CVEs (1)