ABB CMS-770
Plan Patch | CVSS 8.8 | ICS-CERT ICSA-18-352-06 | Dec 18, 2018
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
ABB CMS-770 Condition Monitoring System (version 1.7.1 and earlier) contains an authentication bypass vulnerability (CWE-287) that allows an attacker on the network to bypass login requirements and gain full control of the device. The vulnerability has a CVSS score of 8.8, indicating high impact on confidentiality, integrity, and availability. No patch is available from ABB. The device must be installed according to ABB's updated technical manual, and network isolation is the primary mitigation strategy.
What this means
What could happen
An attacker on the same network segment as the CMS-770 could bypass authentication and gain full control of the device, potentially altering system configurations, stopping operations, or disrupting energy/utility management functions.
Who's at risk
Operators of ABB CMS-770 Condition Monitoring Systems in power generation, transmission, distribution, and industrial facilities should prioritize this issue. This includes utilities managing rotating machinery, switchgear, and substation equipment monitored by CMS-770 platforms.
How it could be exploited
An attacker with network access to the CMS-770 (ARP on the same segment or routed network path) can send specially crafted requests to the device that bypass authentication checks. Once authenticated as a privileged user without providing credentials, the attacker can issue commands to alter device configuration or operation.
Prerequisites
- Network access to the CMS-770 on the same segment or routed path (Layer 2 or Layer 3)
- No credentials required to exploit the authentication bypass
- Device running CMS-770 firmware version 1.7.1 or earlier
- Remotely exploitable (across network segments)
- No authentication required
- Low complexity attack
- No patch available (end-of-life product)
- High CVSS score (8.8)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| CMS-770: Software | ≤ 1.7.1 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate CMS-770 devices from the business network; place them behind a firewall that restricts inbound access to only authorized workstations and systems.
- WORKAROUND: If remote access to CMS-770 is required, use a VPN with current security patches and strong authentication; do not expose the device directly to the Internet.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to and from CMS-770 for unauthorized access attempts; log and alert on failed or suspicious authentication events.
Mitigations - no patch available
CMS-770: Software has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Segment CMS-770 devices into a dedicated control system network separate from corporate IT; prevent direct routing from business networks to the device.
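One way to check the isolation and monitoring controls above against flow records, as an added example that is not part of the advisory or ABB's documentation. Because the flaw bypasses the device's own login, the check relies on who talks to the CMS-770 rather than on its authentication logs. The addresses, ports, record layout and alert names are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# All addresses are constructed for illustration (assumptions, not from the advisory).
CONTROL_NET = ip_network("10.20.30.0/24")      # dedicated control-system segment
CMS770_HOSTS = {ip_address("10.20.30.50")}     # CMS-770 devices to watch
AUTHORIZED = {ip_address("10.20.30.10"),       # engineering workstation
              ip_address("10.20.30.11")}       # VPN gateway inside the segment

# Constructed flow records: time, source, destination, destination port, bytes.
SAMPLE_FLOWS = """\
2018-12-18T08:00:01Z,10.20.30.10,10.20.30.50,80,5120
2018-12-18T08:03:17Z,10.20.30.77,10.20.30.50,80,912
2018-12-18T08:05:42Z,192.168.5.23,10.20.30.50,80,2048
2018-12-18T08:09:03Z,10.20.30.50,203.0.113.9,443,640
2018-12-18T08:11:30Z,10.20.30.11,10.20.30.50,80,300
2018-12-18T08:12:00Z,10.20.30.10,10.20.30.12,22,100
"""

def classify(src, dst):
    """Return an alert name for a flow touching a CMS-770, or None if allowed."""
    if dst in CMS770_HOSTS:
        if src in AUTHORIZED:
            return None
        # A source outside the segment means routing/firewall isolation has failed.
        return "unauthorized-local-source" if src in CONTROL_NET else "cross-segment-access"
    # The device itself should not open connections that leave the control segment.
    if src in CMS770_HOSTS and dst not in CONTROL_NET:
        return "device-egress"
    return None

def audit(flow_text):
    """Parse CSV flow records and return (time, alert, src, dst, port) tuples."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            ts, src, dst, dport, _ = row
            s, d, port = ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue  # skip malformed or incomplete records
        kind = classify(s, d)
        if kind:
            alerts.append((ts, kind, src, dst, port))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE_FLOWS):
        print(*alert)
```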
CVEs (1)