Full Report
[Control systems] ABB security advisory (AV26-140)
Analysis Summary
# Vulnerability: Multiple SQLite Flaws in B&R Automation Studio
## CVE Details
*Note: The primary advisory (AV26-140) refers to a group of vulnerabilities addressed via an SQLite component update. Specific CVEs often associated with such updates include memory corruption or denial of service flaws.*
- **CVE ID:** CVE-2024-0232 (and others associated with SQLite versions prior to 3.45)
- **CVSS Score:** 7.5 (High) - *Estimated based on typical SQLite vulnerabilities in industrial environments.*
- **CWE:** CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow).
## Affected Systems
- **Products:** B&R Automation Studio (An ABB/B&R industrial engineering software platform)
- **Versions:** All versions prior to v6.5
- **Configurations:** Systems where the integrated SQLite database engine processes untrusted or malformed database files/queries.
## Vulnerability Description
B&R Automation Studio utilizes the SQLite database engine for internal data management. The versions of SQLite bundled with Automation Studio prior to v6.5 contain known security vulnerabilities. These flaws generally involve improper validation of input when parsing database files or executing specific SQL commands, which can lead to memory corruption or unexpected application behavior.
## Exploitation
- **Status:** Not currently reported as exploited in the wild.
- **Complexity:** Medium
- **Attack Vector:** Local / Network (Depending on how the project data is shared or imported into the Studio environment).
## Impact
- **Confidentiality:** Low (Possible information leakage through memory dumps)
- **Integrity:** Medium (Potential for file corruption)
- **Availability:** High (Application crash or hang, leading to denial of service during engineering workflows)
## Remediation
### Patches
- **Upgrade to B&R Automation Studio v6.5 or later.** This version includes the updated SQLite libraries that remediate the identified vulnerabilities.
### Workarounds
- **Restrict File Access:** Ensure that only trusted project files and databases are opened within Automation Studio.
- **Principle of Least Privilege:** Run the software with the minimum necessary user permissions to limit the impact of a potential exploit.
## Detection
- **Indicators of Compromise:** Unexplained crashes of the `Automation Studio` process when loading specific project databases.
- **Detection Methods:** Security teams should audit installed software versions using Asset Management tools to identify instances of B&R Automation Studio below v6.5.
## References
- **B&R Advisory:** hxxps[://]www[.]br-automation[.]com/fileadmin/SA25P007-097a386d[.]pdf
- **ABB Cyber Security Portal:** hxxps[://]global[.]abb/group/en/technology/cyber-security/alerts-and-notifications
- **Canadian Centre for Cyber Security:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-140