Vulnerabilities discovered by Positive Technologies in ABB controllers have been fixed - Middle East News 247
December 13, 2024
NEWS DESK

Vulnerabilities discovered by Positive Technologies in ABB controllers have been fixed

ABB thanked Natalya Tlyapova and Denis Goryushev for discovering two vulnerabilities in its Freelance AC 900F and AC 700F controllers. These devices are used in the metal and chemical industry. The vendor was notified of the threat in line with the responsible disclosure policy and released software patches.

The AC 900F and AC 700F controllers are used in distributed control systems (DCS) of industrial plants to automate their continuous production processes. ABB is leading in the global DCS market, with a market share of 20%.

Vulnerabilities CVE-2023-0425 and CVE-2023-0426 both received a CVSS v3.1 score of 8.6, which means high severity.

According to the application analysts at Positive Technologies who discovered the vulnerabilities, exploitation of these security flaws can allow attackers to shut down controllers, disrupting production processes. In addition, sending a specially crafted package could enable remote code execution attacks aimed at hijacking the devices.

ABB recommends installing updates Freelance 2016 SP1 RU06, Freelance 2019 SP1 RU02, and Freelance 2019 SP1 FP1 RU03 as soon as possible. To mitigate the threat, users can also take actions described in the security advisory.

Positive Technologies suggests using PT Industrial Security Incident Manager, an in-depth industrial traffic analysis system, for detecting attempts to exploit ICS vulnerabilities. PT ISIM recognizes communication protocols of ABB Freelance controllers, analyzes commands, and informs the security team about suspicious events and incidents.

Last Updated on 9 months by News Desk 1

News Desk 1

News Desk 1

News Desk 1 publishes the latest press releases that third parties submit - who are solely and legally responsible for the provided content - and are published as received, without editing by Middle East News 247 editors. Send press releases: press@menews247 or WhatsApp: 971 56 852 2508
Follow Me:

Related Posts