OTPulse

ABB Device Library Wizard

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-20-175-03 | Jun 23, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability in ABB Device Library Wizard (versions 6.0.3.1 and 6.0.3.2) allows a low-level local user to escalate privileges and gain full control of the workstation. Successful exploitation could allow an attacker to modify device configurations, alter control logic, or access sensitive engineering data. The vulnerability requires local access and is not remotely exploitable. ABB provides firmware updates and recommends disabling interactive logon for the service account as a workaround.

What this means
What could happen
A low-privilege user or attacker with local access to a workstation running Device Library Wizard can escalate privileges and gain complete control of the device, potentially allowing manipulation of ABB device configurations and control logic.
Who's at risk
Engineering and automation staff at utilities and manufacturing facilities who use ABB Device Library Wizard for programming and configuring ABB control devices (PLCs, relays, drives, etc.). This affects workstations in control centers, engineering departments, and remote access terminals.
How it could be exploited
An attacker with a local user account on a workstation running Device Library Wizard exploits a privilege escalation vulnerability to gain administrative access. This allows them to modify device configurations, alter control logic, or extract sensitive data from the engineering environment.
Prerequisites
  • Local user account on the workstation running Device Library Wizard
  • Device Library Wizard version 6.0.3.1, 6.0.3.2, or 6.0.X
  • Interactive logon enabled for the service account
  • Local privilege escalation
  • low attack complexity
  • requires user interaction to be logged in locally
  • affects engineering workstations used to program safety-critical devices
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: Device Library Wizard
Affected Versions: 6.0.X | 6.0.3.1 | 6.0.3.2
Fix Status: 6.0.3.2 RU1 or later
Remediation & Mitigation
Do now
WORKAROUND: Disable interactive logon for the Device Library Wizard service account (both local and remote)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Device Library Wizard to version 6.0.3.2 RU1, 6.0.3.3, or 6.1.X or later
Long-term hardening
HARDENING: Enforce least privilege access controls—restrict Device Library Wizard use to engineering staff who need it
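
An added example (not ABB's or OTPulse's code) for verifying the workaround above: it parses the `[Privilege Rights]` section of a `secedit /export /areas USER_RIGHTS` policy export and reports which deny-logon rights do not yet list the service account. The account name `dlw_service`, its SID and both sample exports are constructed placeholders, since the advisory does not name the service account.

```python
# Audit a Windows user-rights export for the "disable interactive logon" workaround.
# Export on the workstation:  secedit /export /cfg rights.inf /areas USER_RIGHTS
# (the file is UTF-16; read it with open(path, encoding="utf-16")).

# Rights that block interactive logon: local, and remote via Remote Desktop Services.
DENY_RIGHTS = ("SeDenyInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight")

# Constructed placeholders: the advisory does not name the service account.
SERVICE_ACCOUNT = {"dlw_service", "S-1-5-21-1111111111-2222222222-3333333333-1105"}

def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            # secedit writes SIDs as *S-1-... and some principals as plain names.
            rights[name.strip()] = {p.strip().lstrip("*").lower()
                                    for p in value.split(",") if p.strip()}
    return rights

def missing_deny_rights(inf_text, account_ids=SERVICE_ACCOUNT):
    """List the deny-logon rights that do not name the account directly.
    A deny granted through a group is not resolved here and shows as missing."""
    rights = parse_privilege_rights(inf_text)
    ids = {a.lower() for a in account_ids}
    return [r for r in DENY_RIGHTS if not rights.get(r, set()) & ids]

# Constructed sample: only local logon is denied for the service account.
PARTIAL = """[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDenyInteractiveLogonRight = *S-1-5-32-546,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
"""
# Constructed sample: both deny rights list the service account.
HARDENED = PARTIAL.replace(
    "SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546",
    "SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546,dlw_service")

if __name__ == "__main__":
    for label, text in (("partial", PARTIAL), ("hardened", HARDENED)):
        print(label, "missing:", missing_deny_rights(text) or "none")
```

An empty result means both the local and the remote deny right name the account, which matches the "both local and remote" wording of the workaround.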
ABB Device Library Wizard | CVSS 7.8 - OTPulse