The vulnerabilities affect CP635 and CP651 control panels and PB610 Panel Builder 600
# Vulnerability: Multiple Security Flaws in ABB HMI Solutions
## CVE Details
- **CVE ID:** CVE-2019-12227, CVE-2019-12228, CVE-2019-12229, CVE-2019-12230
- **CVSS Score:** Range from 5.3 to 9.8 (Critical)
- **CWE:** CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-20 (Improper Input Validation), CWE-22 (Path Traversal).
## Affected Systems
- **Products:**
  - CP635 Control Panels
  - CP651 Control Panels
  - PB610 Panel Builder 600
- **Versions:**
  - PB610 Panel Builder 600: versions prior to V2.8.0.424
  - CP635/CP651: All firmware versions integrated with impacted PB610 runtimes.
- **Configurations:** Systems utilizing the web-based management interface or remote communication protocols are at higher risk.
## Vulnerability Description
The flaws involve several memory management and input validation issues within the ABB HMI software stack:
1. **Stack-based Buffer Overflows:** Allow remote attackers to execute arbitrary code via specially crafted network packets.
2. **Path Traversal:** Enables attackers to access or modify files outside of the intended directory, potentially compromising system configuration or sensitive data.
3. **Improper Input Validation:** Certain communication ports do not correctly sanitize incoming data, leading to potential denial-of-service (DoS) or remote code execution.
## Exploitation
- **Status:** PoC available (researcher-developed); no confirmed reports of exploitation in the wild at the time of disclosure.
- **Complexity:** Low to Medium
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Potential access to sensitive configuration files)
- **Integrity:** High (Ability to modify HMI logic or system files)
- **Availability:** High (Can lead to system crashes or full takeover)
## Remediation
### Patches
- **PB610 Panel Builder 600:** Upgrade to version **V2.8.0.424** or later.
- **Control Panels:** Update firmware to the latest version provided by ABB that incorporates the PB610 V2.8.0.424 runtime fixes.
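
To apply the version threshold above across a fleet, the following added example (not ABB's or this report's own code) triages an asset inventory against V2.8.0.424. The inventory layout, the field names `name`, `product` and `runtime_version`, and the sample records are assumptions constructed for illustration; for CP635/CP651 it assumes the inventory records the PB610 runtime version bundled with the panel firmware.

```python
import re

FIXED = (2, 8, 0, 424)                  # fixed PB610 version stated in this report
AFFECTED = {"PB610", "CP635", "CP651"}  # affected products stated in this report
_VERSION = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints for 'V2.8.0.424'-style strings, else None."""
    match = _VERSION.match((text or "").strip())
    return tuple(int(part) for part in match.groups()) if match else None


def assess(asset):
    """Classify one inventory record (hypothetical field names)."""
    if (asset.get("product") or "").upper() not in AFFECTED:
        return "out-of-scope"
    version = parse_version(asset.get("runtime_version"))
    if version is None:
        # Unknown or malformed version: do not assume the asset is patched.
        return "review"
    # Tuples compare numerically per component, so 2.8.0.1000 > 2.8.0.424
    # (a plain string comparison would get this wrong).
    return "vulnerable" if version < FIXED else "fixed"


def audit(inventory):
    """Map asset name -> status for every record in the inventory."""
    return {asset["name"]: assess(asset) for asset in inventory}


# Constructed sample inventory, not real data.
INVENTORY = [
    {"name": "eng-ws-01", "product": "PB610", "runtime_version": "V2.7.1.300"},
    {"name": "eng-ws-02", "product": "pb610", "runtime_version": "2.8.0.424"},
    {"name": "line3-panel", "product": "CP635", "runtime_version": "V2.8.0.1000"},
    {"name": "line4-panel", "product": "CP651", "runtime_version": ""},
    {"name": "packaging-hmi", "product": "OTHER-HMI", "runtime_version": "1.0.0.1"},
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

Assets reported as `review` have no usable version on record and should be checked on the device before being treated as patched.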
### Workarounds
- Disable the web server/remote access features if they are not required for operation.
- Implement strict firewall rules to restrict access to the HMI communication ports (e.g., Port 80, 443, and proprietary engineering ports) to authorized workstations only.
- Ensure the HMI is isolated from the corporate network and the internet.
## Detection
- **Indicators of Compromise:** Unusual network traffic on HMI management ports; unexpected restarts of the HMI panels; unauthorized file modifications in the runtime directory.
- **Detection Methods:** Use Industrial Control System (ICS) aware firewalls and IDS/IPS signatures targeting known ABB communication protocols.
## References
- ABB Advisory: hxxps[://]search.abb[.]com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
- Kaspersky ICS CERT: hxxps[://]ics-cert[.]kaspersky[.]com/publications/reports/2019/06/28/multiple-vulnerabilities-in-abb-hmi-solutions/
- CVE Mitre: hxxps[://]cve[.]mitre[.]org/cgi-bin/cvename.cgi?name=CVE-2019-12227