ABB PCM600

Monitor | CVSS 4.4 | ICS-CERT ICSA-26-120-02 | Nov 3, 2025
ABB
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary

A path traversal vulnerability in the SharpZip library bundled with ABB PCM600 (versions 1.5 to 2.13) allows an attacker with local access and user interaction to write and execute arbitrary code on the system. The vulnerability could compromise protection relay configurations and control logic. ABB has released version 2.14 as a fix. Customers using RE_630 protection relays should note that PCM600 2.14 is not compatible; they must implement system-level defenses if unable to upgrade.

What this means
What could happen
An attacker with local access and user interaction could insert and execute arbitrary code on PCM600, potentially compromising the integrity of protection relay configurations and control logic for power systems.
Who's at risk
Utilities and industrial sites managing electrical protection relays and control IEDs through ABB PCM600 should prioritize this update. This tool is commonly used in power distribution and generation facilities to configure and manage protection and control devices. Anyone running PCM600 versions 1.5 through 2.13 is affected.
How it could be exploited
An attacker with local system access could exploit a path traversal flaw in the SharpZip library (CWE-22) to write malicious code to arbitrary locations. User interaction is required—the attacker would need to trick a user into opening a crafted file or performing an action that triggers the vulnerability. Once executed, the attacker gains code execution on the PCM600 system.
Prerequisites
  • Local access to the PCM600 system
  • User with PCM600 privileges to perform file operations or import actions
  • User interaction required (opening a malicious file or action trigger)
  • PCM600 version 1.5 through 2.13
Local access required | User interaction required | Path traversal vulnerability | Code execution possible | Affects protection relay management (safety-critical)
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (1)
Product | Affected Versions | Fix Status
Protection and Control IED manager PCM600 | ≥ 1.5, ≤ 2.13 | 2.14
Remediation & Mitigation
Do now
WORKAROUND: If RE_630 protection relays are in use and PCM600 cannot be upgraded to 2.14, implement network-level defenses to restrict local access to PCM600 systems and disable file import features not required for operations.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PCM600 to version 2.14 or later.
Long-term hardening
HARDENING: Restrict local access to PCM600 engineering workstations to authorized personnel only; control who can import files or perform system modifications.
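
For workstations that cannot move to 2.14, archives can be vetted before anyone imports them. The following is an added example, not code from ABB or from this advisory: it lists ZIP entries whose names would resolve outside the extraction folder, the condition a CWE-22 flaw in an archive library fails to reject. It assumes the crafted file is a ZIP archive; the destination C:\import, the function names and the sample archive are constructed for illustration.

```python
import io
import ntpath
import sys
import zipfile

DEST = r"C:\import"  # assumed extraction folder on the engineering workstation


def escapes(entry_name, dest=DEST):
    """True if joining dest and entry_name on Windows lands outside dest."""
    name = entry_name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(name)
    if drive or tail.startswith("\\"):
        return True  # absolute, drive-qualified or UNC entry name
    prefix = ntpath.normpath(dest).rstrip("\\") + "\\"
    target = ntpath.normpath(ntpath.join(prefix, name))
    # Trailing separator stops C:\import2 from matching C:\import
    return not (target + "\\").startswith(prefix)


def unsafe_entries(archive, dest=DEST):
    """Return entry names in a ZIP (path or file object) that escape dest."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist() if escapes(i.filename, dest)]


def build_sample():
    """Constructed in-memory archive for the demo; not a real PCM600 file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/relay_config.xml", "<cfg/>")
        zf.writestr("project/../notes.txt", "stays inside")
        zf.writestr("../../outside.txt", "climbs out")
        zf.writestr("..\\..\\outside2.txt", "climbs out")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass an archive path to scan it; with no argument the sample is scanned.
    source = sys.argv[1] if len(sys.argv) > 1 else build_sample()
    flagged = unsafe_entries(source)
    for name in flagged:
        print("REJECT:", name)
    sys.exit(1 if flagged else 0)
```

A non-zero exit code means at least one entry would be written outside the destination, so the file should not be imported.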