ABB Device Library Wizard

Plan PatchCVSS 7.8ICS-CERT ICSA-20-175-03Jun 23, 2020

ABB

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A privilege escalation vulnerability in ABB Device Library Wizard (versions 6.0.3.1 and 6.0.3.2) allows a low-level local user to escalate privileges and gain full control of the workstation. Successful exploitation could allow an attacker to modify device configurations, alter control logic, or access sensitive engineering data. The vulnerability requires local access and is not remotely exploitable. ABB provides firmware updates and recommends disabling interactive logon for the service account as a workaround.

What this means

What could happen

A low-privilege user or attacker with local access to a workstation running Device Library Wizard can escalate privileges and gain complete control of the device, potentially allowing manipulation of ABB device configurations and control logic.

Who's at risk

Engineering and automation staff at utilities and manufacturing facilities who use ABB Device Library Wizard for programming and configuring ABB control devices (PLCs, relays, drives, etc.). This affects workstations in control centers, engineering departments, and remote access terminals.

How it could be exploited

An attacker with a local user account on a workstation running Device Library Wizard exploits a privilege escalation vulnerability to gain administrative access. This allows them to modify device configurations, alter control logic, or extract sensitive data from the engineering environment.

Prerequisites

Local user account on the workstation running Device Library Wizard
Device Library Wizard version 6.0.3.1, 6.0.3.2, or 6.0.X
Interactive logon enabled for the service account

Local privilege escalationlow attack complexityrequires user interaction to be logged in locallyaffects engineering workstations used to program safety-critical devices

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

Device Library Wizard:6.0.X | 6.0.3.1 | 6.0.3.26.0.3.2 RU1+

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDisable interactive logon for the Device Library Wizard service account (both local and remote)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Device Library Wizard to version 6.0.3.2 RU1, 6.0.3.3, or 6.1.X or later

Long-term hardening

0/1

HARDENINGEnforce least privilege access controls—restrict Device Library Wizard use to engineering staff who need it

CVEs (1)

CVE-2020-8482

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7b8429b2-5e98-485a-b3ed-08137c1a63f8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.