ABB Multiple System 800xA Products
Monitor7.8ICS-CERT ICSA-20-154-03Jun 2, 2020
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
Multiple ABB System 800xA modules contain vulnerabilities that allow authenticated attackers to crash system nodes or modify runtime process data. Affected modules include the DCI (Distributed Control Interface), Batch Management, OPC Server, MMS Server, SoftControl Base Software, Information Management, RNRP (Real-time Network Redundancy Protocol), MOD 300 interface, and the 800xA Base system. All versions of these products are vulnerable. Exploitation requires valid user credentials and interactive logon capability. ABB has not provided patches and states these will be addressed in future versions only.
What this means
What could happen
An attacker with valid user account credentials could make System 800xA nodes unreachable or alter runtime process data, disrupting production automation and batch operations.
Who's at risk
Water authorities and utilities running ABB System 800xA for industrial automation should be concerned. This affects distributed control systems (DCI), batch process management, real-time data management (RNRP), and the base platform. Any facility using 800xA for process automation, including water treatment, electric generation, or manufacturing, is potentially affected.
How it could be exploited
An attacker with valid credentials to a System 800xA workstation or service account could authenticate to the affected modules (DCI, Batch Management, OPC Server, etc.) and either crash the system node or modify running process parameters. This requires the attacker to already have compromised user credentials or have physical/network access to an authenticated service account.
Prerequisites
- Valid user account credentials (local or remote logon)
- Access to a System 800xA workstation or network path where the service is running
- Interactive logon enabled for the compromised user account
No patch availableAffects automation platform used in critical infrastructureAuthentication required but service account compromise is realisticCould disable system nodes or alter setpoints in critical processes
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (9)
9 EOL
ProductAffected VersionsFix Status
800xA for DCI: all versionsAll versionsNo fix (EOL)
800xA Batch Management: all versionsAll versionsNo fix (EOL)
800xA Information Management: all versionsAll versionsNo fix (EOL)
MMS Server for AC 800M: all versionsAll versionsNo fix (EOL)
Base Software for SoftControl: all versionsAll versionsNo fix (EOL)
OPC Server for AC 800M: all versionsAll versionsNo fix (EOL)
800xA RNRP: all versionsAll versionsNo fix (EOL)
800xA for MOD 300: all versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/3WORKAROUNDReset all user account passwords in System 800xA if any are suspected to be compromised
WORKAROUNDDisable interactive logon (local and remote) for all service accounts in System 800xA
HARDENINGRestrict System 800xA user account access to only authorized personnel
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXMonitor for patched versions when ABB releases future product updates
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: 800xA for DCI: all versions, 800xA Batch Management: all versions, 800xA Information Management: all versions, MMS Server for AC 800M: all versions, Base Software for SoftControl: all versions, OPC Server for AC 800M: all versions, 800xA RNRP: all versions, 800xA for MOD 300: all versions, System 800xA Base: all versions. Apply the following compensating controls:
HARDENINGApply principle of least privilege to all System 800xA user accounts
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/f952f132-0a84-4903-b35d-c73bb4804308