ABB Mitigation Plan for M2M ETHERNET

Wednesday, December 19, 2018 @ 03:12 PM gHale

ABB has a mitigation plan to handle an improper authentication vulnerability in its M2M ETHERNET, according to a report with NCCIC.

Successful exploitation of this vulnerability, discovered by Maxim Rupp (RuppIT), could allow an attacker to upload a malicious language file.

ABB Mitigation Plan for CMS-770
Siemens Fixes TIM 1531 IRC Module Hole
3S-Smart Software Fixes CODESYS V3 Line
3S-Smart Software Fixes CODESYS Control Issue

A network analyzer, M2M ETHERNET: FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior suffer from the vulnerability. The vulnerability is exploitable from an adjacent network.

An attacker can upload a malicious language file by bypassing the user authentication mechanism.

CVE-2018-17926 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

The product sees use in multiple industry sectors. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

ABB recommends installing the device in accordance with the latest instructions from the updated technical manual. For additional information, refer to ABB’s security notification ABBVU-EPBP-R-5672.

Leave a Reply

You must be logged in to post a comment.