OTPulse

ABB Drive Composer

Priority: Act Now · CVSS 9.8 · Source: ICS-CERT ICSA-25-037-03 · Published: Feb 6, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A path traversal vulnerability (CWE-22) in ABB Drive Composer entry and pro versions up to 2.9.0.1 allows attackers to access the file system on the host machine without authentication. Successful exploitation could allow attackers to run malicious code and compromise the affected system. ABB has released version 2.9.1 as a fix for both entry and pro variants.

What this means
What could happen
An attacker could execute arbitrary code on the Drive Composer host machine, potentially compromising the integrity of drive configurations and control parameters across connected ABB drives in manufacturing plants.
Who's at risk
Manufacturing facilities using ABB Drive Composer (entry or pro version) to manage and configure ABB industrial drives should update immediately. This includes any organization running version 2.9.0.1 or earlier that relies on Drive Composer for drive commissioning, parameter configuration, or maintenance.
How it could be exploited
An attacker with network access to a machine running Drive Composer can exploit a path traversal vulnerability (CWE-22) to access the file system on the host without authentication. Once file system access is obtained, the attacker can write and execute malicious code to compromise the system and any drives managed through that instance.
Prerequisites
  • Network access to the host machine running Drive Composer (entry or pro version)
  • Drive Composer version 2.9.0.1 or earlier installed and running
  • No credentials required for exploitation
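The paragraphs above describe the vulnerability class only in general terms. As an added illustration (not Drive Composer's code and not taken from the advisory), the Python below shows the general CWE-22 pattern: a naive path join that lets a client-supplied `..` escape the intended directory, the containment check that closes it, and a detector run over a few constructed access-log lines. The base directory, the log format, the file names and the addresses are all assumptions made for the example.

```python
"""Generic CWE-22 (path traversal) illustration and mitigation.

Added example: not code from ABB Drive Composer or the advisory. The base
directory, request paths, log format and log lines are constructed.
"""
import os
import re
from pathlib import Path
from typing import List, Optional, Tuple
from urllib.parse import unquote


def resolve_vulnerable(base_dir: str, requested: str) -> str:
    """The defect: join and normalise, but never verify the result stays
    under base_dir. A request containing '..' walks out of the directory."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_safe(base_dir: str, requested: str) -> Optional[Path]:
    """The fix: canonicalise both sides, then require the candidate to be
    inside base_dir. Returns None (reject) for anything that escapes,
    including absolute paths and URL-encoded dot segments."""
    base = Path(base_dir).resolve()
    # Decode once so '%2e%2e' is checked in the same form the file system sees.
    candidate = (base / unquote(requested)).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when outside base
    except ValueError:
        return None
    return candidate


def is_traversal_attempt(raw_path: str) -> bool:
    """Detection helper: undo up to two layers of URL encoding, treat
    backslashes as separators, and flag any path segment that is exactly
    '..'. Segments such as '..hidden' are not traversal and are not flagged."""
    decoded = raw_path
    for _ in range(2):
        decoded = unquote(decoded)
    return ".." in decoded.replace("\\", "/").split("/")


# Assumed access-log format: <source> "<METHOD> <path> HTTP/x.y" <status>
LOG_LINE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

# Constructed sample lines for the demonstration (not real traffic).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 "GET /files/params/drive1.dcparams HTTP/1.1" 200',
    '10.0.0.7 "GET /files/../../../etc/passwd HTTP/1.1" 200',
    '10.0.0.5 "GET /files/..hidden/notes.txt HTTP/1.1" 404',
    '10.0.0.9 "GET /files/%2e%2e%2f%2e%2e%2fconfig.ini HTTP/1.1" 200',
    "garbage line that does not parse",
]


def flag_traversal_requests(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (source, path) for every parseable request whose path
    contains a traversal segment; unparseable lines are skipped."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if match and is_traversal_attempt(match["path"]):
            hits.append((match["src"], match["path"]))
    return hits


if __name__ == "__main__":
    base = "/srv/dc_example"  # constructed base directory
    print("vulnerable:", resolve_vulnerable(base, "../../etc/passwd"))
    print("safe:      ", resolve_safe(base, "../../etc/passwd"))
    for src, path in flag_traversal_requests(SAMPLE_ACCESS_LOG):
        print(f"traversal attempt from {src}: {path}")
```

The containment check works on canonical paths rather than on string matching, so it also rejects absolute paths and symlink tricks; the log detector is the opposite trade-off, a cheap string heuristic suited to triage rather than enforcement.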

  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High CVSS score (9.8)
  • Allows arbitrary code execution
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (2, both with a fix available)

Product               Affected Versions   Fix Status
Drive Composer entry  <= 2.9.0.1          Fixed in 2.9.1
Drive Composer pro    <= 2.9.0.1          Fixed in 2.9.1
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require a device reboot; plan for process interruption.

HOTFIX: Update Drive Composer (both entry and pro variants) to version 2.9.1 or later
Long-term hardening
HARDENING: Isolate Drive Composer host machines from general-purpose networks (office/home networks) using firewalls and network segmentation
HARDENING: Never connect the computers running programming software to any network other than the one serving the intended ABB drives
HARDENING: Implement physical access controls to prevent unauthorized personnel from accessing Drive Composer host machines and connected devices
HARDENING: Minimize network exposure so that Drive Composer hosts are not reachable from the Internet unless required