ABB Central Licensing System - Denial of Service Vulnerability
Description
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.
Affected products
18- ABB/ABB Ability System 800xAv5Range: 5.1
- ABB/ABB Ability™ SCADAvantagev5Range: 5.1
- ABB/AdvaBuildv5Range: 3.7 SP1
- ABB/Advant OCS AC 100 OPS Serverv5Range: 5.1
- ABB/Advant OCS Control Builder Av5Range: 1.3
- ABB/Central Licensing Systemv5Range: 5.1
- ABB/Compact HMIv5Range: 5.1
- ABB/Composer CTKv5Range: 6.1
- ABB/Composer Harmonyv5Range: 5.1
- ABB/Composer Melodyv5Range: 5.3
- ABB/Control Builder Safev5Range: 1.0
- ABB/Harmony OPC Server Standalonev5Range: 6.0
- ABB/Knowledge Managerv5Range: 8.0
- ABB/Manufacturing Operations Managementv5Range: 1812
- ABB/OPC Data Linkv5Range: 2.1
- ABB/OPC Server for Mod 300 (non-800xA)v5Range: 1.4
- Range: 1.1
- Range: 3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.