OTPulse

ABB Ellipse

Monitor | CVSS 6.5 | ICS-CERT ICSA-17-353-01 | Dec 19, 2017
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB Ellipse versions 8.5.26 through 8.9.6 contain an unauthenticated remote information disclosure vulnerability in the maintenance port. An attacker without credentials can connect to the maintenance interface and extract sensitive configuration data, including user credentials, system settings, and other confidential information. The vulnerability affects all recent Ellipse versions released in December 2017 and requires only network access to the maintenance port to exploit. No vendor patches are available.

What this means
What could happen
An attacker with network access to the Ellipse maintenance port could access confidential configuration data including user credentials, which could enable further compromise of the asset management system or connected industrial processes.
Who's at risk
Organizations operating ABB Ellipse (versions 8.5.26 through 8.9.6) for asset management, maintenance planning, or process control integration, particularly utilities, manufacturing plants, and facilities with networked industrial equipment.
How it could be exploited
An attacker on the same network segment as an Ellipse server connects to the maintenance port without authentication and sends commands to extract configuration data, including stored credentials and system settings. No special knowledge or credentials are needed.
Prerequisites
  • Network access to Ellipse maintenance port (requires same network segment or direct routing)
  • No authentication credentials required
remotely exploitable, no authentication required, low complexity, affects maintenance and configuration systems, credential exposure risk
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 EOL
Product | Affected Versions | Fix Status
Ellipse 8.8.12: Release 7 Dec 2017 | 8.8.12 | No fix (EOL)
Ellipse 8.9.6: Release 7 Dec 2017 | 8.9.6 | No fix (EOL)
Ellipse 8.5.26: Release 7 Dec 2017 | 8.5.26 | No fix (EOL)
Ellipse 8.7.18: Release 7 Dec 2017 | 8.7.18 | No fix (EOL)
Ellipse 8.6.21: Release 5 Dec 2017 | 8.6.21 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Ellipse maintenance port using firewall rules; limit to trusted engineering workstations only
HARDENING: Monitor and disable the maintenance port if not actively used for system administration
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Change all stored credentials in Ellipse after implementing network access controls
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Ellipse 8.8.12: Release 7 Dec 2017, Ellipse 8.9.6: Release 7 Dec 2017, Ellipse 8.5.26: Release 7 Dec 2017, Ellipse 8.7.18: Release 7 Dec 2017, Ellipse 8.6.21: Release 5 Dec 2017. Apply the following compensating controls:
HARDENING: Segment the Ellipse server onto a separate network that is not reachable from standard IT networks or the internet
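
One way to verify the firewall and segmentation controls above is to audit connection logs for allowed traffic to the maintenance port from hosts outside the engineering workstation range. This is an added example, not code from OTPulse or ABB; the server address, the port number (the advisory does not state it), the workstation range and the log format are all assumptions to replace with site values.

```python
import ipaddress

# Assumptions (not from the advisory): the server address, the port number
# and the workstation range are placeholders to replace with site values.
ELLIPSE_SERVER = ipaddress.ip_address("10.20.0.5")
MAINTENANCE_PORT = 9999  # placeholder; the advisory does not state the port
TRUSTED_WORKSTATIONS = [ipaddress.ip_network("10.20.1.0/28")]

# Constructed sample of firewall connection records: "action src dst dport".
SAMPLE_LOG = """\
ALLOW 10.20.1.4 10.20.0.5 9999
ALLOW 10.30.7.12 10.20.0.5 9999
DENY 192.168.50.9 10.20.0.5 9999
ALLOW 10.30.7.12 10.20.0.5 443
ALLOW 10.20.1.200 10.20.0.5 9999
malformed line
"""

def parse(line):
    """Return (action, src, dst, dport) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0].upper(), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def untrusted_maintenance_access(log_text):
    """List sources allowed to reach the maintenance port that are not trusted."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip unparseable records rather than abort the audit
        action, src, dst, dport = rec
        if dst != ELLIPSE_SERVER or dport != MAINTENANCE_PORT:
            continue
        trusted = any(src in net for net in TRUSTED_WORKSTATIONS)
        if action == "ALLOW" and not trusted:
            findings.append(str(src))
    return findings

if __name__ == "__main__":
    for src in untrusted_maintenance_access(SAMPLE_LOG):
        print(f"untrusted source reached maintenance port: {src}")
```

Any finding means the firewall rule set still permits a path the workaround is meant to close; credentials stored in Ellipse should be rotated only after the audit comes back empty.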