Full Report
[Control systems] ABB security advisory (AV26-286)
Analysis Summary
# Vulnerability: ABB Ability Camera Connect Outdated 3rd Party Component (SQLite)
## CVE Details
*Note: The primary vulnerability stems from the use of an outdated SQLite component (v3.2.4). The advisory identifies the issue by this component version; specific CVEs associated with this legacy version of SQLite include:*
- **CVE ID:** CVE-2017-10989, CVE-2015-3414, CVE-2015-3415 (Commonly associated with legacy SQLite vulnerabilities)
- **CVSS Score:** 7.5 (High) - *Estimated based on standard impacts for these library flaws.*
- **CWE:** CWE-1104: Use of Unmaintained Third-Party Component
## Affected Systems
- **Products:** ABB Ability Camera Connect
- **Versions:** Version 2.0.0.42 and prior
- **Configurations:** Systems utilizing the integrated SQLite version 3.2.4 database engine.
## Vulnerability Description
ABB Ability Camera Connect incorporates an outdated third-party component, **SQLite version 3.2.4**. This version of SQLite is significantly outdated and contains known security vulnerabilities. Depending on the specific flaw triggered within the library, an attacker could potentially cause a Denial of Service (DoS) through specially crafted SQL queries or execute arbitrary code if the application allows unvalidated input to reach the SQLite engine.
## Exploitation
- **Status:** No reports of exploitation in the wild for this specific ABB implementation; however, vulnerabilities for the underlying SQLite version are well-documented.
- **Complexity:** Medium
- **Attack Vector:** Network (typically via application-level interactions that interface with the database).
## Impact
- **Confidentiality:** Partial (Potential unauthorized data access)
- **Integrity:** Partial (Potential unauthorized data modification)
- **Availability:** High (Potential for application crashes or database corruption)
## Remediation
### Patches
ABB recommends updating to the latest version of the software where the component has been updated:
- **ABB Ability Camera Connect:** Users should upgrade to versions newer than 2.0.0.42. Users should contact ABB technical support for the specific download and update procedure.
### Workarounds
- **Network Segmentation:** Ensure that the ABB Ability Camera Connect server is isolated from the public internet and placed within a restricted management VLAN.
- **Principle of Least Privilege:** Restrict user access to the application to only those who require it for operational purposes.
- **Firewall Filtering:** Implement strict firewall rules to allow only authorized traffic to the ports used by the Camera Connect software.
## Detection
- **Indicators of Compromise:** Unusual application crashes, unexpected database errors in system logs, or unauthorized modifications to camera configuration data.
- **Detection Methods:** Vulnerability scanners can be used to identify the version of the `sqlite3.dll` or library file associated with the ABB installation to confirm the presence of the outdated component.
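
Where no scanner is available, the version check described under Detection Methods can be approximated by reading the binaries directly; the script below is an added example, not ABB's or the advisory's own tooling. It is a heuristic that assumes the engine's `SQLite format 3` header string and a NUL-delimited version string are present in the file, and the extension list, function names and the choice to flag builds at or below 3.2.4 (the version this page names) are assumptions.

```python
import re
from pathlib import Path

# Magic string compiled into SQLite 3 libraries (the database file header).
SQLITE_MAGIC = b"SQLite format 3"
# NUL-delimited dotted version, as stored by the library's version constant.
VERSION_RE = re.compile(rb"(?<=\x00)(3(?:\.\d{1,3}){2,3})(?=\x00)")
# Version named on this page; builds at or below it are flagged (assumption).
ADVISORY_VERSION = "3.2.4"
BINARY_SUFFIXES = {".dll", ".exe", ".so"}  # assumed set of file types to scan


def parse_version(text):
    """Turn '3.2.4' into (3, 2, 4, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def embedded_sqlite_versions(blob):
    """Return candidate SQLite versions found in a binary image (heuristic)."""
    if SQLITE_MAGIC not in blob:
        return []  # no SQLite engine appears to be compiled into this file
    found = {m.group(1).decode("ascii") for m in VERSION_RE.finditer(blob)}
    return sorted(found, key=parse_version)


def audit_install(root, flag_at_or_below=ADVISORY_VERSION):
    """Scan binaries under root; return (path, version, flagged) tuples."""
    limit = parse_version(flag_at_or_below)
    results = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in BINARY_SUFFIXES:
            continue
        try:
            blob = path.read_bytes()  # read only; the library is never loaded
        except OSError:
            continue  # locked or unreadable file; keep scanning the rest
        for version in embedded_sqlite_versions(blob):
            results.append((str(path), version, parse_version(version) <= limit))
    return results


if __name__ == "__main__":
    import sys
    for path, version, flagged in audit_install(sys.argv[1]):
        print(f"{'OUTDATED' if flagged else 'ok':8} {version:10} {path}")
```

Because it also scans `.exe` files, the script can surface a statically linked copy of the engine that a filename-based check for `sqlite3.dll` would miss; any hit should be confirmed against the vendor's file inventory.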
## References
- ABB Advisory: hxxps[://]search[.]abb[.]com/library/Download[.]aspx?DocumentID=4HZM000604&LanguageCode=en&DocumentPartId=PDF&Action=Launch
- ABB Cybersecurity Notifications: hxxps[://]global[.]abb/group/en/technology/cyber-security/alerts-and-notifications
- Canadian Centre for Cyber Security (AV26-286): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-286