Atlas Copco Power Focus 6000

Monitor6.5ICS-CERT ICSA-23-159-01Jun 8, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Atlas Copco Power Focus 6000 devices (all versions) contain information disclosure and session hijacking vulnerabilities (CWE-312, CWE-334, CWE-319). The vulnerabilities allow unauthenticated attackers with network access to capture sensitive configuration or credential data and hijack active user sessions. Successful exploitation results in loss of sensitive information and unauthorized takeover of an operator's active session. Atlas Copco has not provided patches or committed to remediation. No public exploits are currently known, but attack complexity is low.

What this means

What could happen

An attacker with network access could intercept sensitive configuration or credential information from the Power Focus 6000 and potentially take control of an operator's active session, allowing unauthorized changes to power distribution settings or monitoring.

Who's at risk

Power utilities and energy facilities operating Atlas Copco Power Focus 6000 power supply or power management systems should prioritize this. Any organization using the Power Focus 6000 in a critical power control or distribution role needs to assess exposure and apply compensating controls immediately.

How it could be exploited

An attacker on the network (or via internet if the device is exposed) can intercept unencrypted communications between a user and the Power Focus 6000 to capture session tokens or sensitive data. With a captured session token, the attacker can masquerade as the legitimate user and issue commands to the device without needing to authenticate.

Prerequisites

Network path to the Power Focus 6000 device
Ability to intercept network traffic (MITM position or compromised network segment)
User must be actively logged into the device for session hijacking

remotely exploitableno authentication required for session hijackinglow complexity attackno patch availablesensitive information exposureaffects power control systems

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Power Focus 6000: *All versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

HARDENINGRestrict network access to Power Focus 6000—do not expose to the internet or untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to Power Focus 6000 is required, require use of a VPN with current security patches and strong authentication

HOTFIXContact Atlas Copco to request security patches or timeline for remediation

Mitigations - no patch available

0/2

Power Focus 6000: * has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlace Power Focus 6000 behind a firewall and on a segmented OT network isolated from business systems

HARDENINGMonitor network traffic to and from Power Focus 6000 for signs of unauthorized access or session anomalies

CVEs (3)

CVE-2023-1897 CVE-2023-1898 CVE-2023-1899

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bc6f4c0e-7e1f-4873-b496-56441759354d