ABB OPC Server for AC 800M
Plan Patch · CVSS 8.4 · ICS-CERT ICSA-22-074-01 · Mar 15, 2022
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
ABB OPC Server for AC 800M contains a privilege escalation vulnerability allowing a low-privileged authenticated user to remotely execute arbitrary code on the server. The vulnerability affects versions 5.1.0, 5.1.1, and 6.0.0 through 6.0.0-3. No public exploits are currently known.
What this means
What could happen
A low-privileged authenticated user on the network could run arbitrary commands on the OPC Server, potentially allowing them to alter process data, manipulate setpoints on controlled AC 800M systems, or disrupt communications between the control system and operators.
Who's at risk
Water authorities and utilities using ABB's AC 800M control systems should be concerned. The OPC Server is typically the connection point between your plant-floor control logic (in the AC 800M) and your operator workstations, historian, and other supervisory systems. If you use ABB's 800xA software suite to manage generation, distribution, or treatment processes, you are affected.
How it could be exploited
An attacker with valid credentials and network access to the OPC Server port could authenticate and execute arbitrary code on the server. The user interaction requirement (UI:R in the CVSS vector) indicates the attack may require the user to click a link or open a file, but once authenticated, the attacker gains full code execution on the server.
Prerequisites
- Valid credentials (low-privilege user account) for the OPC Server
- Network access to the OPC Server communication port
- User interaction - target user must click a link or open a file as part of the attack
- Requires valid credentials (reduces but does not eliminate risk)
- Requires network access to specific service
- Requires user interaction component
- CVSS score 8.4 (high severity)
- Affects critical control system communication layer
- No patch available for some versions
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
OPC Server for AC 800M | 5.1.1-1, 6.0.0-1 | 6.1.0-0 or later
OPC Server for AC 800M | 5.1.0-x, 5.1.1-x, ≥ 6.0.0-1 and ≤ 6.0.0-3 | 6.1.0-0 or later
OPC Server for AC 800M | 5.1.0-x, 5.1.1-x, 6.0.0-x | 6.1.0-0 or later
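The affected-version table above is easy to misread by hand when an inventory holds dozens of OPC servers. The following checker is an added example, not code from ABB or from this advisory's publisher; it transcribes the ranges from the Summary and the table (5.1.0-x, 5.1.1-x, 6.0.0 through 6.0.0-3 affected; 6.1.0-0 or later fixed; 6.0.0-4 listed as a forthcoming hotfix) and assumes versions are reported in the table's own "major.minor.patch-build" notation. The host inventory is a constructed sample.

```python
"""Assess installed OPC Server for AC 800M versions against the ranges in
ICSA-22-074-01. Added example; version format "major.minor.patch-build" is
assumed from the advisory table's notation."""
import re
from typing import Dict, List, Optional, Tuple

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")
Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Turn '6.0.0-3' into (6, 0, 0, 3); a missing build number counts as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, build = m.groups()
    return int(major), int(minor), int(patch), int(build or 0)


# Affected ranges transcribed from the advisory (low inclusive, high inclusive).
# A high build of None means "any build of that patch level" (the table's "-x").
AFFECTED_RANGES: List[Tuple[Version, Tuple[int, int, int, Optional[int]]]] = [
    ((5, 1, 0, 0), (5, 1, 0, None)),   # 5.1.0-x
    ((5, 1, 1, 0), (5, 1, 1, None)),   # 5.1.1-x
    ((6, 0, 0, 0), (6, 0, 0, 3)),      # 6.0.0 through 6.0.0-3
]
FIXED_FROM: Version = (6, 1, 0, 0)     # 6.1.0-0 or later
HOTFIX_6_0: Version = (6, 0, 0, 4)     # 6.0.0-4, announced for later in 2022


def assess(version: str) -> str:
    """Return 'fixed', 'affected' or 'not-listed' for one version string."""
    v = parse_version(version)
    # Fixed lines: the 6.1 train, or the 6.0.0-4 hotfix and later 6.0.0 builds.
    if v >= FIXED_FROM or (v[:3] == HOTFIX_6_0[:3] and v[3] >= HOTFIX_6_0[3]):
        return "fixed"
    for low, high in AFFECTED_RANGES:
        if high[3] is None:
            if v[:3] == low[:3]:
                return "affected"
        elif low <= v <= (high[0], high[1], high[2], high[3]):
            return "affected"
    # Anything else (e.g. an older major release) is outside the advisory's scope.
    return "not-listed"


def hosts_needing_patch(inventory: Dict[str, str]) -> List[str]:
    """Names of hosts whose reported version falls in an affected range."""
    return sorted(host for host, ver in inventory.items() if assess(ver) == "affected")


# Constructed sample inventory (hypothetical hostnames, not real systems).
SAMPLE_INVENTORY = {
    "opc-srv-01": "5.1.1-2",
    "opc-srv-02": "6.0.0-3",
    "opc-srv-03": "6.1.0-0",
    "opc-srv-04": "4.9.0-1",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host}: {ver} -> {assess(ver)}")
    print("needs patch:", hosts_needing_patch(SAMPLE_INVENTORY))
```

Hosts reported as "affected" map to the Schedule items below (upgrade to 6.1.0-0 or, when released, 6.0.0-4); hosts reported as "not-listed" should be checked against the vendor's own notice rather than assumed safe, since the table only covers the 5.1 and 6.0 lines.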
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the OPC Server; only allow communication from authorized engineering workstations and supervisory systems
WORKAROUND: Disable unnecessary remote access to the OPC Server; require VPN for any remote engineer access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade 800xA Control Software for AC 800M to v6.1.0-0 or later
HOTFIX: Upgrade 800xA Control Software for AC 800M to v6.0.0-4 when released (scheduled for later in 2022)
Long-term hardening
HARDENING: Isolate the OPC Server and AC 800M control systems behind firewalls and away from business networks
HARDENING: Limit OPC Server authentication to role-based accounts with the minimum necessary privileges
CVEs (1)