Security Advisory – High-Risk DoS Vulnerability in ABB’s Control API ‘VPNI’ Affects S+ Operations

ABB has identified a high-severity Denial of Service (DoS) vulnerability, CVE-2024-0335, affecting its VPNI feature in the S+ Control API used in Symphony Plus products like S+ Operations, S+ Engineering, and S+ Analyst. Specifically, versions 3.3 SP1 RU4 and earlier of S+ Operations, versions 2.1 SP2 RU3 and earlier of S+ Engineering, versions 2.0 SP6 TC6 and earlier, versions 2.1 through 2.3 RU3, and S+ Analyst versions to are impacted. The flaw is due to improper handling of malformed packets, leading to a service crash and halting data transfer. Customers are urged to upgrade their systems to the latest versions to mitigate this vulnerability. ABB has not received reports of active exploitation of this flaw.