Swiss industrial tech company ABB has patched a dozen vulnerabilities, including serious issues, in some of its human-machine interface (HMI) products.
Researchers at xen1thLabs, the labs unit of UAE-based cybersecurity firm DarkMatter, discovered 12 vulnerabilities that can be used to bypass authentication, execute arbitrary code, and gain access to information.
The vulnerabilities impact CP635 and CP651 control panels used as HMIs for ABB automation systems, and the PB610 Panel Builder 600 engineering tool for designing HMI applications.
xen1thLabs has described the security holes in 8 advisories and ABB has covered the flaws across 3 advisories (ABB CP635 HMI, ABB PB610, ABB CP651 HMI).
The security holes are related to outdated software components with known vulnerabilities, hardcoded credentials that provide admin access, weaknesses in software update mechanisms, a path traversal that allows access to folders on the FTP server, denial-of-service (DoS) issues, and code execution flaws that can be exploited by unauthenticated attackers by sending specially crafted requests.
“An attacker who successfully exploited this vulnerability could prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node or insert and run arbitrary code in an affected system node,” the vendor wrote in the advisories covering the control panel flaws.
Learn More About HMI Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference
If a vulnerable system is connected to a network, an attacker with access to the network can exploit the flaws. If the system is isolated from an organization’s network, launching an attack requires physical access to the affected device.
“Recommended practices include that process control sys-tems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed,” ABB said.
According to the vendor, there is no evidence that the details of the vulnerabilities had been made public before their official disclosure or that any of them had been exploited for malicious purposes.
The advisories from xen1thLabs show that the vulnerabilities were reported to ABB in early February and patches were released in early June. The advisories include both technical details and proof-of-concept (PoC) code.
Related: Serious Flaws Found in ABB Safety PLC Gateways
Related: Critical Flaws Expose ABB Door Communication Systems to Attacks