ABB Drive Composer
Plan Patch · CVSS 9.8 · ICS-CERT ICSA-25-037-03 · Feb 5, 2025
ABB · Manufacturing
Attack path
- Attack Vector: Network
- Auth Required: None
- Complexity: Low
- User Interaction: None needed
Summary
Path traversal vulnerability in ABB Drive Composer versions 2.9.0.1 and earlier allows attackers to access arbitrary files on the host machine. Successful exploitation could allow unauthorized file system access and arbitrary code execution on the engineering workstation, potentially compromising drive configurations and enabling further network compromise.
What this means
What could happen
An attacker could read files from or write malicious code to the host machine running Drive Composer, potentially compromising the engineering workstation and the drives it controls. This could allow the attacker to alter drive configurations, stop operations, or pivot to other systems on the network.
Who's at risk
Manufacturing facilities using ABB Drive Composer (entry or pro versions) on engineering workstations are affected. This includes any organization that programs or configures ABB variable frequency drives (VFDs) or other ABB drives through the Drive Composer software.
How it could be exploited
An attacker with network access to the host machine running Drive Composer can exploit a path traversal vulnerability (CWE-22) to access arbitrary files on the file system. By crafting a malicious request or file, the attacker can read sensitive files or upload and execute malicious code without credentials.
Prerequisites
- Network access to the machine running Drive Composer (port and protocol unspecified in advisory)
- No authentication required
- remotely exploitable
- no authentication required
- low complexity
- high CVSS score (9.8)
- affects engineering software controlling industrial equipment
Exploitability
Some exploitation risk — EPSS score 2.3%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Drive Composer entry | ≤ 2.9.0.1 | Fixed in 2.9.1
Drive Composer pro | ≤ 2.9.0.1 | Fixed in 2.9.1
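Added example (not part of the advisory): a triage helper that flags workstation inventory entries still inside the affected range from the table above. The affected range (≤ 2.9.0.1) and fix version (2.9.1) are the advisory's; the inventory records are constructed sample data, and the product names are assumed to match however your asset inventory labels the entry and pro editions.

```python
"""Flag ABB Drive Composer installs still in the affected range (<= 2.9.0.1).

Added example, not part of the advisory. The version bounds come from
ICSA-25-037-03; the inventory below is constructed sample data.
"""
import re

AFFECTED_MAX = "2.9.0.1"   # highest affected version, inclusive (from advisory)
FIXED_IN = "2.9.1"         # first fixed version (from advisory)
PRODUCTS = {"Drive Composer entry", "Drive Composer pro"}  # assumed inventory labels

# Constructed inventory records: (hostname, product, installed version)
INVENTORY = [
    ("ews-01", "Drive Composer pro", "2.9.0.1"),
    ("ews-02", "Drive Composer entry", "2.8.2"),
    ("ews-03", "Drive Composer pro", "2.9.1"),
    ("ews-04", "Drive Composer pro", "2.10.0"),
    ("ews-05", "Other Tool", "1.0"),
]


def parse_version(text):
    """Turn '2.9.0.1' into (2, 9, 0, 1).

    Numeric tuple comparison is required: a plain string compare would rank
    '2.10.0' below '2.9.1' and misreport a fixed install as affected.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, version):
    """True when the product is in scope and its version is <= 2.9.0.1.

    Shorter tuples compare as expected: (2, 9, 1) > (2, 9, 0, 1), so the
    three-part fix version correctly sorts above the four-part affected max.
    """
    if product not in PRODUCTS:
        return False
    return parse_version(version) <= parse_version(AFFECTED_MAX)


def triage(inventory):
    """Return the sorted hostnames that still need the 2.9.1 update."""
    return sorted(host for host, prod, ver in inventory if is_affected(prod, ver))


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: update Drive Composer to {FIXED_IN} or later")
```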
Remediation & Mitigation
Schedule — requires maintenance window
- Patching may require device reboot — plan for process interruption
- HOTFIX: Update Drive Composer entry and pro to version 2.9.1 or later
Long-term hardening
- HARDENING: Isolate the network containing Drive Composer and engineering workstations from general-purpose networks (office, internet) using firewalls and network segmentation
- HARDENING: Restrict network access to Drive Composer machines to only authorized engineering workstations and maintenance personnel
- HARDENING: Never connect Drive Composer workstations to networks other than those for the specific drives they are intended to program
- HARDENING: Implement physical access controls to prevent unauthorized personnel from connecting to or operating engineering workstations running Drive Composer
CVEs (1)