ABB Ability System 800xA
Monitor | 6.9 | ICS-CERT ICSA-24-177-01 | Jun 25, 2024
Summary
ABB 800xA Base versions 6.1.1-2 and earlier contain input validation flaws (CWE-20) that allow unauthenticated attackers to cause denial of service by crashing system services. Successful exploitation results in service crashes and restarts, disrupting process control and monitoring. Fixes are available in ABB 800xA Base 6.2.0-0, 6.1.1-3, and 6.0.3-x.
What this means
What could happen
Successful exploitation could cause the ABB 800xA system services to crash and restart, potentially disrupting process monitoring and control in critical infrastructure operations.
Who's at risk
Energy utilities, water treatment plants, and manufacturing facilities that operate ABB System 800xA automation platforms. Organizations using versions 6.1.1-2 or earlier are affected, particularly those with networked ABB 800xA systems.
How it could be exploited
An attacker with network access to the ABB 800xA system could send malformed input that the system services fail to validate properly (CWE-20), triggering a crash of those services. The attack does not require authentication.
Prerequisites
- Network reachability to ABB 800xA system
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, affects critical infrastructure control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| ABB 800xA Base: <=6.1.1-2 | ≤ 6.1.1-2 | 6.2.0-0 or 6.1.1-3 or 6.0.3-x |
Remediation & Mitigation
Do now
WORKAROUND: If remote access to ABB 800xA is required, use a VPN and keep it updated to the latest version
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update ABB 800xA Base to version 6.2.0-0 (part of System 800xA 6.2.0.0) or 6.1.1-3 (part of System 800xA 6.1.1.2) or 6.0.3-x (next revision)
Long-term hardening
HARDENING: Ensure ABB 800xA systems are not directly accessible from the internet; isolate control system networks behind firewalls and separate from business networks
CVEs (1)