ABB Fixes PCM600 Vulnerabilities

Tuesday, May 31, 2016 @ 02:05 PM gHale


ABB created a new version of its PCM600 to mitigate one use of password hash with insufficient computational effort vulnerability and three insufficiently protected credentials vulnerabilities, according to a report on ICS-CERT.

PCM600 versions up to and including Version 2.6 suffer from the issues, which Ilya Karpov from Positive Technologies reported directly to ABB.

An attacker who successfully exploits these vulnerabilities could edit the main application or gain access to PCM600 or connected devices.

ABB is a Switzerland-based company that maintains offices in several countries around the world.

The affected product, PCM600, is a protection and control IED manager. PCM600s see action in the energy sector. ABB said this product sees use on a global basis.

In one of the vulnerabilities, the main application password in the ACTConfig configuration file ends up hashed with a weak hashing function. In order to exploit the vulnerability, the attacker needs to have local access to the PC running PCM600.

CVE-2016-4511 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 2.8.

In addition, the main application password ends up stored insecurely after being changed. In order to exploit the vulnerability, the attacker needs to have local access to the PC running PCM600.

CVE-2016-4516 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 2.8.

Also, OPC Server IEC61850 authentication passwords end up temporarily stored insecurely. In order to exploit the vulnerability, the attacker needs to have local access to the PC running PCM600.

CVE-2016-4524 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.6.

PCM600 authentication credentials end up stored insecurely. In order to exploit the vulnerability, the attacker needs to have local access to the PC running PCM600. The access control in PCM600 needs to be active.

CVE-2016-4527 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 2.8.

These vulnerabilities are not exploitable remotely and cannot be exploited without user interaction.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.

ABB fixed the issues in PCM600 Version 2.7. ABB recommends users apply the update at their earliest convenience.

ABB recommends using the following security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network:
• Physically protect control systems from direct access by unauthorized personnel
• Do not allow direct connections from control systems to the Internet
• Separate control systems from other networks by deploying a firewall that has a minimal number of ports exposed
• Do not use process control systems for Internet surfing, instant messaging, or receiving emails
• Carefully scan portable computers and removable storage media for viruses before they connect to a control system

More information on recommended practices is available in “1MRS758440, Protection and Control IED Manager PCM600 Cyber Security Deployment Guideline.”