Security Advisory – ABB 800xA Base 6.0.x, 6.1.x CSLib Communication DoS Vulnerability

CVE ID: CVE-2024-3036

Summary: ABB has identified a vulnerability in ABB 800xA Base versions 6.1.1-2 and earlier, specifically within the CSLib communication protocol. This vulnerability allows an attacker to cause a denial of service (DoS) by sending specially crafted messages, leading to service crashes and restarts. The issue affects only PC-based client/server nodes and does not impact controllers.

Affected Products:

  • ABB 800xA Base versions 6.1.1-2 and earlier

Vulnerability Details:

  • Type: Communication DoS Vulnerability
  • Cause: Unchecked buffer
  • Impact: Services crash and restart upon receiving malicious messages
  • Severity:
  • CVSS v3.1 Base Score: 5.7
  • CVSS v4.0 Base Score: 6.9

Immediate Actions Recommended:

  • Update to ABB 800xA Base 6.2.0-0, 6.1.1-3, or 6.0.3-x to mitigate the vulnerability.

Mitigating Factors:

  • Enabling IPSec according to user documentation can protect the system from network-based exploits.

FAQs:

  • Exploit Scope: Causes server applications to crash using maliciously crafted messages.
  • Remote Exploitability: Possible if IPSec is not enabled.
  • Update Effect: Ensures the buffer is checked securely to prevent crashes.

References:

For more information and support, contact ABB’s service organization or visit their cybersecurity page.

Source URL: ABB Security Advisory