Positive Technologies: Hackers could have taken control of ABB's management systems.
Positive Technologies identified two vulnerabilities in the ABB Freelance AC 900F and AC 700F controllers, which received the same CVSS v3.1 score of 8.6. These devices are used in metallurgy, chemical industry and other areas. The vendor was notified of the threat under the responsible disclosure policy and released a software update.
The AC 900F and AC 700F controllers are used to build distributed control systems (DCS) in enterprises and are designed to automate large-scale continuous production.
By exploiting the discovered vulnerabilities, an attacker could stop the operation of controllers and disrupt the technological process. In addition, by sending a specially generated packet, an attacker could conduct a remote code execution attack, which would allow him to intercept control of the device.
ABB recommends that you install the updates Freelance 2016 SP1 RU06, Freelance 2019 SP1 RU02 and Freelance 2019 SP1 FP1 RU03 as soon as possible. To reduce the threat, users can also apply the measures described in the security notification.
Positive Technologies identified two vulnerabilities in the ABB Freelance AC 900F and AC 700F controllers, which received the same CVSS v3.1 score of 8.6. These devices are used in metallurgy, chemical industry and other areas. The vendor was notified of the threat under the responsible disclosure policy and released a software update.
The AC 900F and AC 700F controllers are used to build distributed control systems (DCS) in enterprises and are designed to automate large-scale continuous production.
By exploiting the discovered vulnerabilities, an attacker could stop the operation of controllers and disrupt the technological process. In addition, by sending a specially generated packet, an attacker could conduct a remote code execution attack, which would allow him to intercept control of the device.
ABB recommends that you install the updates Freelance 2016 SP1 RU06, Freelance 2019 SP1 RU02 and Freelance 2019 SP1 FP1 RU03 as soon as possible. To reduce the threat, users can also apply the measures described in the security notification.
