OTPulse

ABB System 800xA Information Manager

Plan Patch · CVSS 8.8 · ICS-CERT ICSA-20-184-02 · Jul 2, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A code injection vulnerability exists in ABB System 800xA Information Manager that allows an attacker to execute arbitrary code on the Information Manager server through a malicious website. An unauthenticated, remote attacker can exploit this by crafting malicious web content and deceiving a user into visiting it from a browser on a machine with access to the Information Manager. Successful exploitation could allow the attacker to run arbitrary commands and compromise the industrial control system's data management and operator interface functions.

What this means
What could happen
An attacker could inject malicious code into the System 800xA Information Manager and execute it on the server, potentially gaining control over the industrial control system's data management and operator interface functions.
Who's at risk
This affects organizations running ABB System 800xA automation systems, particularly those using the Information Manager component for process monitoring and operator interface. This includes water utilities, electric utilities, and manufacturing facilities relying on ABB's integrated automation platform.
How it could be exploited
An attacker crafts a malicious website or web content and tricks a user into visiting it from a browser on a machine that can reach the Information Manager server. The vulnerability allows the attacker to inject arbitrary code through the web interface without needing valid credentials.
Prerequisites
  • User must be tricked into visiting a malicious website from a machine with network access to the Information Manager
  • The Information Manager must be reachable from the user's browsing environment
  • The vulnerable version of System 800xA Information Manager must be deployed
remotely exploitable · no authentication required · low complexity · affects industrial control system operator interface · user interaction required (social engineering)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
System 800xA Information Manager | < 6.0.3.3 RU1 | No fix yet
System 800xA Information Manager | < 5.1 Rev E/5.1 FP4 Rev E TC6 | No fix yet
System 800xA Information Manager | < 6.1 RU1 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Prevent web browsing from Information Manager nodes to external networks and block access to malicious websites
WORKAROUND: Restrict network access to the Information Manager to authorized users only and ensure only legitimate persons can reach plant assets
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update System 800xA Information Manager to version 5.1 Rev E/5.1 FP4 Rev E TC6 or later if running the 5.1 track
HOTFIX: Update System 800xA Information Manager to version 6.0.3.3 RU1 or later if running the 6.0.3 LTS track
HOTFIX: Update System 800xA Information Manager to version 6.1 RU1 or later if running the 6.1 track
Long-term hardening
HARDENING: Place Information Manager systems behind a firewall with minimal exposed ports and no direct Internet connections
HARDENING: Isolate control system networks from the business network
HARDENING: Review Access Enable key usage in AC 800M HI and verify configured access levels of SIL variables match your risk analysis
ABB System 800xA Information Manager | CVSS 8.8 - OTPulse