CISA Issues Six New ICS Advisories for ABB Products
CISA has issued six new ICS advisories detailing critical vulnerabilities in various ABB industrial products, ranging from authentication bypasses to remote code execution.
CISA has published a series of six industrial control system (ICS) advisories detailing critical vulnerabilities across various ABB products. These flaws span a wide range of security issues, including authentication bypasses, path traversal, integer overflows, and improper implementation of communication protocols. The affected products include ABB System 800xA, Symphony Plus, Edgenius Management Portal, PCM600, OPTIMAX, and AWIN Gateways.
Depending on the specific product and vulnerability, attackers could exploit these weaknesses to execute arbitrary code, bypass authentication, modify system configurations, or cause device faults that require manual restarts. For instance, vulnerabilities in ABB Ability Symphony Plus Engineering could allow arbitrary code execution via compromised PostgreSQL components, while flaws in the Edgenius Management Portal could permit an attacker to uninstall applications or modify configurations.
Users are urged to review the individual CISA ICS advisories for specific mitigation steps, patch availability, and version-specific guidance. Organizations should prioritize patching or implementing the recommended workarounds to protect their operational technology environments from potential exploitation. [CISA]