OTPulse

ABB Arctic Wireless Gateways

Act Now | CVSS 9.2 | ICS-CERT ICSA-25-100-09 | Apr 10, 2025
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

ABB Arctic wireless gateways (ARG600, ARC600, ARR600, ARP600) contain multiple vulnerabilities in the Telit PLS62-W modem module and SSH implementation. The modem module vulnerabilities can be exploited via binary SMS messages with no authentication required, allowing remote arbitrary code execution with elevated privileges. The SSH vulnerability allows unauthorized access if the SSH port is exposed to untrusted networks. Successful exploitation enables arbitrary code execution, denial of service, or tampering with unencrypted traffic. All versions of the affected gateway models are vulnerable; no firmware patches are available from ABB.

What this means
What could happen
An attacker could run arbitrary code on the Arctic wireless gateway with administrative privileges, potentially altering process setpoints, stopping operations, or disrupting communications. Additionally, unencrypted traffic passing through the device could be intercepted and modified by an attacker.
Who's at risk
This affects water utilities, electric utilities, and other operators running ABB Arctic wireless gateways (ARG600, ARC600, ARR600, ARP600 models) for remote monitoring and control of distribution networks, substations, and critical infrastructure. Any organization using these gateways for wireless communications to industrial control systems should assess exposure immediately.
How it could be exploited
An attacker can exploit vulnerabilities in the Telit PLS62-W modem module via binary SMS messages, or leverage SSH access if the device is exposed to a network the attacker can reach. Once exploited, the attacker gains privileged code execution, allowing them to control the gateway and any connected industrial processes or manipulate data in transit.
Prerequisites
  • Network access to the device (cellular network for SMS attacks, or direct network access to SSH port 22 if exposed)
  • Binary SMS service enabled on the cellular subscription (for modem module attacks)
  • SSH service exposed to an untrusted network (for SSH vulnerability exploitation)
  • Remotely exploitable
  • High EPSS score (54.5%)
  • No patch available
  • Affects industrial automation systems
  • Arbitrary code execution with administrative privileges
  • Affects critical infrastructure communications
Exploitability
High exploit probability (EPSS 54.5%)
Affected products (7)
4 pending, 3 EOL
Product | Affected Versions | Fix Status
Arctic Wireless Gateway ARG600 with Telit PLS62-W wireless modem module | All versions | No fix (EOL)
Arctic ARG600 with firmware version | >=3.4.10 to <=3.4.13 ARG600 | No fix yet
Arctic ARC600 with firmware version | >=3.4.10 to <=3.4.13 ARC600 | No fix yet
Arctic ARR600 with firmware version | >=3.4.10 to <=3.4.13 ARR600 | No fix yet
Arctic ARP600 with firmware version | >=3.4.10 to <=3.4.13 ARP600 | No fix yet
Arctic Wireless Gateway ARC600 with Telit PLS62-W wireless modem module | All versions | No fix (EOL)
Arctic Wireless Gateway ARR600 with Telit PLS62-W wireless modem module | All versions | No fix (EOL)
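
To apply the affected-products table above to an asset inventory, the following Python triage is added here as an example; it is not part of the advisory and is not ABB or OTPulse code. The CSV column names (asset, model, firmware, modem) and the sample records are constructed assumptions.

```python
import csv
import io
import re

# Rows transcribed from the advisory's affected-products table.
FW_RANGE_MODELS = {"ARG600", "ARC600", "ARR600", "ARP600"}  # status: No fix yet
FW_LOW, FW_HIGH = (3, 4, 10), (3, 4, 13)                    # inclusive bounds
TELIT_EOL_MODELS = {"ARG600", "ARC600", "ARR600"}           # all versions, No fix (EOL)
TELIT_MODULE = "PLS62-W"

def parse_version(text):
    """Turn '3.4.9' into (3, 4, 9) so it compares numerically below 3.4.10."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(row):
    """Return the advisory table rows that one inventory record matches."""
    model = row["model"].strip().upper()
    findings = []
    if model in TELIT_EOL_MODELS and TELIT_MODULE in row["modem"].upper():
        findings.append("Telit PLS62-W row: all versions, No fix (EOL)")
    if model in FW_RANGE_MODELS:
        fw = parse_version(row["firmware"])
        if fw is None:
            # Unknown firmware is surfaced rather than silently treated as safe.
            findings.append("firmware unreadable: verify manually")
        elif FW_LOW <= fw <= FW_HIGH:
            findings.append("firmware 3.4.10-3.4.13 row: No fix yet")
    return findings

def triage_inventory(csv_text):
    """Map each asset name to its list of findings."""
    return {r["asset"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

# Constructed inventory (hypothetical assets; column layout is an assumption).
SAMPLE = """asset,model,firmware,modem
pump-station-1,ARG600,3.4.11,Telit PLS62-W
substation-7,ARC600,3.4.9,Telit PLS62-W
reservoir-2,ARP600,3.4.13,other
feeder-12,ARR600,unknown,none
depot-3,ARG600,3.5.0,none
"""

if __name__ == "__main__":
    for asset, findings in triage_inventory(SAMPLE).items():
        print(asset, "->", "; ".join(findings) or "no matching table row")
```
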
Remediation & Mitigation
Do now
WORKAROUND: Contact your mobile network operator and request disabling binary SMS service on the subscription to mitigate modem module vulnerabilities
HARDENING: If SSH is used for remote administration, establish connections exclusively through OpenVPN tunnels and ensure SSH port is not exposed to public networks or untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: If SMS services are not required for the solution, disable them completely
HARDENING: Restrict physical access to the Arctic wireless gateway devices to authorized personnel only
HARDENING: Obtain a private cellular access point from your mobile network operator to limit exposure if the device is compromised
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Arctic Wireless Gateway ARG600 with Telit PLS62-W wireless modem module; Arctic Wireless Gateway ARC600 with Telit PLS62-W wireless modem module; Arctic Wireless Gateway ARR600 with Telit PLS62-W wireless modem module. Apply the following compensating controls:
HARDENING: Isolate Arctic wireless gateway and any connected automation networks behind firewalls, separate from general-purpose networks (office, internet-facing systems)
ABB Arctic Wireless Gateways | CVSS 9.2 - OTPulse