OTPulse

ABB M2M ETHERNET

Monitor | 6.3 | ICS-CERT ICSA-18-352-07 | Dec 18, 2018
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB M2M Ethernet devices with firmware version 2.22 or earlier (or 1.01 or earlier on older models) contain an authentication weakness (CWE-287) that allows an attacker on the local network to access the device without credentials. This could allow reading or modifying configuration, intercepting communications, or altering automation setpoints. No vendor fix is available. ABB recommends following their updated technical manual and security notification ABBVU-EPBP-R-5672.

What this means
What could happen
An attacker with network access to the M2M Ethernet device could read or modify sensitive configuration and process data, or disrupt communication between automation systems in the plant.
Who's at risk
Plant operations and automation system integrators using ABB M2M Ethernet modules for inter-system communication. This impacts any facility that relies on M2M Ethernet for connecting PLCs, drives, or other industrial controllers.
How it could be exploited
An attacker on the same local network (or with access to it) can interact with the M2M Ethernet device without authentication. They could craft commands to read device configuration, intercept inter-system communications, or inject malicious data to alter automation behavior.
Prerequisites
  • Local network access to the M2M Ethernet device
  • Device running firmware version 2.22 or earlier (or firmware version 1.01 or earlier for older models)
  • No authentication credentials required
No patch available | No authentication required | Affects inter-system communication | Low complexity attack
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: M2M ETHERNET: FW
Affected Versions: ≤ 2.22 | ≤ 1.01
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate M2M Ethernet devices from the business network using network segmentation and firewalls
  • HARDENING: Ensure M2M Ethernet devices are not directly accessible from the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Install device according to latest ABB technical manual and security notification ABBVU-EPBP-R-5672
Mitigations - no patch available
M2M ETHERNET: FW has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: If remote access is required, implement secure VPN connection with latest security patches