• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2020-3205 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
June 4, 2020
Rewterz Threat Alert – Lemon Duck Cryptominer Spreads through Covid-19 Themed Emails
June 5, 2020

Rewterz Threat Advisory – ICS: ABB Multiple System 800xA Products

June 4, 2020

Severity

Medium

Analysis Summary

CVE-2020-8478

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect the online view of runtime data shown in Control Builder.

CVE-2020-8484

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to manipulate the data to allow reads and writes to the controllers or cause the 800xA for DCI processes to crash.

CVE-2020-8485 

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to manipulate the data to allow reads and writes to the controllers or cause the 800xA for MOD 300 processes to crash.

CVE-2020-8486

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability concerning 800xA RNRP would be able to affect node redundancy handling. The attacked node could perceive other nodes to be unavailable, which will disrupt the communication. When running the system in simulation mode, the simulated clock could be affected.

CVE-2020-8487

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability concerning System 800xA Base would be able to affect node redundancy handling. The attacked node could perceive other nodes to be unavailable, which will disrupt the communication. When running the system in simulation mode, the simulated clock could be affected.

CVE-2020-8488

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect how the UI is updated during batch execution. The compare and printing functionality in batch could also be affected.

CVE-2020-8489

The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect the runtime values that are to be stored in the archive. Also, this can make information management history services unavailable to the clients.

Impact

Tamper with runtime data in the system

Affected Vendors

ABB

Affected Products

System 800xA

Remediation

Refer to ICS advisory for the list of complete list of affected products and upgraded patches.

https://www.us-cert.gov/ics/advisories/icsa-20-154-03

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.