ABB System 800xA Base
Plan Patch · 7.8 · ICS-CERT ICSA-20-154-02 · Jun 2, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
System 800xA Base versions 6.0 and earlier contain a privilege escalation vulnerability (CWE-732) that allows authenticated local users to gain elevated access and disrupt or modify control system functions. The vulnerability requires valid user credentials and local/direct network access; it is not remotely exploitable. ABB has released a fix in version 6.1, with a planned update for the 6.0.3 LTS branch.
What this means
What could happen
An authenticated attacker with a compromised user account could escalate privileges on the System 800xA Base platform and stop or disrupt critical control system functions in water treatment, power generation, or other process automation facilities.
Who's at risk
Water utilities, electric utilities, and other process automation operators using ABB System 800xA Base for SCADA, DCS, or process control. Specifically affects facilities running versions 6.0 and earlier on engineering workstations, control servers, and operator consoles.
How it could be exploited
An attacker with valid credentials to a System 800xA Base workstation or engineering console can exploit a privilege escalation flaw to gain higher-level access. Once elevated, they can modify control logic, change process setpoints, or halt system operations. Local or direct network access is required; remote exploitation is not possible.
Prerequisites
- Valid user account credentials on System 800xA Base
- Local or direct network access to the affected system (not remotely exploitable)
- System running version 6.0 or earlier
- requires valid credentials (not unauthenticated)
- low complexity exploitation
- local/direct network access only
- affects control system operations
- no patch available for 6.0 versions (future 6.0.3 LTS planned)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
System 800xA Base | ≤ 6.0 | 6.1
Remediation & Mitigation
Do now
- WORKAROUND: Reset passwords for all user accounts suspected to be compromised or whose credentials may be known to unauthorized persons
- HARDENING: Disable interactive logon (local and remote) for service accounts, allowing only application use
- HARDENING: Restrict user account access to System 800xA Base to only authorized engineering and operations personnel
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade System 800xA Base to version 6.1 or later
Long-term hardening
- HARDENING: Apply the principle of least privilege across all user accounts and service roles
CVEs (1)