OTPulse

ABB ACS880 Drives Containing CODESYS RTS

Plan Patch · 8.8 · ICS-CERT ICSA-25-093-03 · Apr 3, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ABB ACS880 drives running vulnerable CODESYS Runtime System versions contain multiple input validation and buffer overflow flaws (CWE-20, CWE-787, CWE-119) in the drive firmware. An attacker with engineering credentials and network access to the drive's programming interface could upload and execute arbitrary code or trigger denial of service. The vulnerabilities stem from insufficient validation of IEC online programming communication. ABB has released firmware updates that disable IEC online programming by default and fix the underlying input validation issues. For products without patches available (APCLX, ATBLX), the workaround is to manually disable the file download capability via parameter 196.102.

What this means
What could happen
An attacker with network access and valid engineering credentials could upload malicious code to the ACS880 drive or cause it to become unresponsive, disrupting motor and power conversion operations in manufacturing plants.
Who's at risk
Manufacturing plants and industrial facilities using ABB ACS880 variable frequency drives (VFDs) for motor control and IGBT power conversion systems should assess their inventory. This includes all ACS880 Primary Control and IGBT Supply Control variants (AINLX, YINLX, AISLX, ALHLX, YISLX, YLHLX, APCLX, ATBLX). Position Control (APCLX) and Test Bench Control (ATBLX) variants have no patch available and rely on workarounds only.
How it could be exploited
An attacker with engineering credentials and network access to the drive could exploit input validation flaws in the CODESYS Runtime System to upload and execute arbitrary code, or trigger a buffer overflow to crash the drive and deny service. This requires the attacker to reach the drive's engineering port (typically TCP/502 or similar) and authenticate with valid engineering credentials.
Prerequisites
  • Network access to the ACS880 drive's engineering communication port
  • Valid CODESYS engineering tool credentials or programming software access
  • IEC online programming enabled (default disabled in patched versions)
remotely exploitable · requires valid engineering credentials · no patch available for APCLX and ATBLX · low complexity exploitation · affects motor control and power conversion
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (8)
6 with fix · 2 EOL

Product | Affected Versions | Fix Status
ACS880 Primary Control Program AINLX | < AINLX v3.47 | >= AINLX_v3.47
ACS880 Primary Control Program YINLX | < YINLX v1.30 | >= AINLX_v3.47
ACS880 IGBT Supply Control Program AISLX | < AISLX v3.43 | >= AISLX_v3.43
ACS880 IGBT Supply Control Program ALHLX | < ALHLX v3.43 | >= AISLX_v3.43
ACS880 IGBT Supply Control Program YISLX | < YISLX v1.30 | >= AISLX_v3.43
ACS880 IGBT Supply Control Program YLHLX | < YLHLX v1.30 | >= AISLX_v3.43
ACS880 Position Control Program APCLX | ≤ APCLX v1.04.0.5 | No fix (EOL)
ACS880 Test Bench Control Program ATBLX | ≤ ATBLX v3.44.0.0 | No fix (EOL)

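
An added example, not part of the advisory or ABB's tooling: a Python triage of an asset inventory against the affected-version thresholds listed on this page. The drive tags and inventory rows are constructed, and comparing version fields numerically (with missing trailing fields treated as 0) is an assumption about ABB's version scheme.

```python
import re

# Thresholds from this advisory's affected-versions column and hotfix list.
FIRST_FIXED = {"AINLX": "v3.47", "YINLX": "v1.30", "AISLX": "v3.43",
               "ALHLX": "v3.43", "YISLX": "v1.30", "YLHLX": "v1.30"}
# End-of-life programs: affected up to and including this version, no fix.
EOL_LAST_AFFECTED = {"APCLX": "v1.04.0.5", "ATBLX": "v3.44.0.0"}
WORKAROUND = "set parameter 196.102 bit 2 to disable file download"

def parse_version(text, width=4):
    """'v1.04.0.5' -> (1, 4, 0, 5). Assumption: fields compare numerically
    and missing trailing fields count as 0, so 'v3.47' == 'v3.47.0.0'."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+){0,%d})" % (width - 1), text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    fields = [int(f) for f in m.group(1).split(".")]
    return tuple(fields + [0] * (width - len(fields)))

def triage(program, version):
    """Classify one drive's control program; returns (status, action)."""
    program, ver = program.strip().upper(), parse_version(version)
    if program in FIRST_FIXED:
        fixed = FIRST_FIXED[program]
        if ver < parse_version(fixed):  # strictly below the first fixed release
            return ("affected", f"upgrade to {fixed} or later; until then {WORKAROUND}")
        return ("fixed", "none")
    if program in EOL_LAST_AFFECTED:
        if ver <= parse_version(EOL_LAST_AFFECTED[program]):  # inclusive bound
            return ("affected-no-fix", f"{WORKAROUND}; apply compensating controls")
        return ("not-covered", "version is above the advisory's range; confirm with ABB")
    return ("not-listed", "program is not in this advisory")

# Constructed sample inventory: (drive tag, control program, version).
INVENTORY = [
    ("VFD-101", "AINLX", "v3.46.0.0"),
    ("VFD-102", "AINLX", "v3.47"),
    ("VFD-201", "YISLX", "1.29"),
    ("VFD-301", "APCLX", "v1.04.0.5"),
    ("VFD-302", "atblx", "v3.40.1.0"),
]

def triage_inventory(rows):
    """Map each drive tag to its (status, action) pair."""
    return {tag: triage(program, version) for tag, program, version in rows}

if __name__ == "__main__":
    for tag, (status, action) in triage_inventory(INVENTORY).items():
        print(f"{tag}: {status:16} {action}")
```
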
Remediation & Mitigation
Do now
WORKAROUND: For AINLX, YINLX, AISLX, ALHLX, YISLX, YLHLX: Set parameter 196.102 bit 2 to disable file download if firmware update cannot be applied
WORKAROUND: For APCLX and ATBLX (no patch available): Set parameter 196.102 bit 2 to disable file download
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade ACS880 Primary Control Program AINLX to v3.47 or later
HOTFIX: Upgrade ACS880 Primary Control Program YINLX to v1.30 or later
HOTFIX: Upgrade ACS880 IGBT Supply Control Program AISLX to v3.43 or later
HOTFIX: Upgrade ACS880 IGBT Supply Control Program ALHLX to v3.43 or later
HOTFIX: Upgrade ACS880 IGBT Supply Control Program YISLX to v1.30 or later
HOTFIX: Upgrade ACS880 IGBT Supply Control Program YLHLX to v1.30 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ACS880 Position Control Program APCLX <= v1.04.0.5, ACS880 Test Bench Control Program ATBLX <= v3.44.0.0. Apply the following compensating controls:
HARDENING: Isolate automation networks from office and general-purpose networks using firewalls and network segmentation
HARDENING: Restrict physical access to ACS880 drives and connected programming workstations
HARDENING: Keep CODESYS programming tools on isolated engineering workstations that do not connect to general networks