OTPulse

ABB netCADOPS Web Application

Monitor · CVSS 5.8 · ICS-CERT ICSA-18-051-01 · Feb 20, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

ABB netCADOPS Web Application contains an information disclosure vulnerability (CWE-200) that allows unauthenticated remote access to sensitive data. Affected versions: ADMS 3.4 and earlier, 7.1 and earlier, 7.2 and earlier, 8.0 and earlier, and 8.1 and earlier. Vendor has released patched versions: 3.4.34.6, 7.1.16.1, 7.2.10, 8.0.20, and 8.1.7.1 (Release 16, February 2018).

What this means
What could happen
An unauthenticated attacker can access sensitive information from the netCADOPS web application, potentially exposing configuration data, operational status, or other details that could aid further attacks against your distribution management system.
Who's at risk
Electric utilities and water authorities running ABB ADMS (Advanced Distribution Management System) netCADOPS for real-time grid or water network visualization and control. Affects operations staff, control room systems, and any networked workstations with access to the web interface.
How it could be exploited
An attacker on the network (or with network access to your netCADOPS server) can send HTTP requests to the web application without credentials to retrieve information that should be restricted. The low CVSS score reflects limited confidentiality impact, but unauthorized visibility into ADMS configuration or status is a concern in OT environments.
Prerequisites
  • Network access to the netCADOPS web application server (typically port 80/443)
  • No authentication required
remotely exploitable, no authentication required, low complexity, information disclosure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: netCADOPS Web Application
Affected Versions: ≤ 7.2x; ≤ 8.1; ≤ 8.0; ≤ 7.1; ≤ 3.4
Fix Status: No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the netCADOPS web server using firewall rules—allow only engineering workstations and HMIs that require access, block all other network segments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade netCADOPS ADMS to version 3.4.34.6 (if running 3.4), 7.1.16.1 (if running 7.1), 7.2.10 (if running 7.2), 8.0.20 (if running 8.0), or 8.1.7.1 (if running 8.1)
Long-term hardening
HARDENING: Place netCADOPS behind a WAF or reverse proxy to limit exposure and add an additional layer of authentication if the application permits