what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ABB HMI Outdated Software Components

ABB HMI Outdated Software Components
Posted Jun 21, 2019
Authored by xen1thLabs

ABB HMI uses outdated software components that are statically linked into the firmware files and service binaries. These components have documented vulnerabilities and should be updated and replaced. It was possible to identify severally outdated OpenSSL (version 0.9.8g) and ABYSS HTTP (version 0.4) server components.

tags | advisory, web, vulnerability
advisories | CVE-2009-3245
SHA-256 | cad7c2fbbae341fd60776b4bb48d4026c7c1d00b91347c7ecd5ebdd509988332

ABB HMI Outdated Software Components

Change Mirror Download
XL-19-006 - ABB HMI Outdated Software Components
========================================================================

Identifiers
-----------
XL-19-006
ABBVU-IAMF-1902001
ABBVU-IAMF-1902010


CVSS Score
----------
7.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)


Affected vendor
---------------
ABB (new.abb.com)


Credit
------
xen1thLabs - Software Labs


Vulnerability summary
---------------------
ABB HMI uses outdated software components that are statically linked into the firmware files and service binaries. These components have documented vulnerabilities and should be updated and replaced. It was possible to identify severally outdated OpenSSL (version 0.9.8g) and ABYSS HTTP (version 0.4) server components.


Technical details
-----------------
*OpenSSL*
The HMI Interface is using an outdated version of OpenSSL to implement HTTPS functionality.

As reported in CVE 2009-3245 (CVSS 10.0)penSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.


*ABYSS HTTP*
When accessing resources over HTTP directly, the HTTP server replies with HTTP 401 Unauthorized and discloses its HTTP server details:
```
IDAL - HTTP daemon. Based on ABYSS Web Server ver.0.4 © 2000 Moez Mahfoudh
```
This software component is severely outdated and affected by several known vulnerabilities. The disclosed medium severity vulnerabilities could allow an attacker to cause memory corruption that could be exploited for a Denial-of-Service attack.


Affected systems
----------------
CP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior
CP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior
CP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior
CP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior
CP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior
CP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior
CP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior
CP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior
CP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior
CP651, order code: 1SAP551100R0001, revision index B1 with BSP UN30 V1.76 and prior
CP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior
CP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior
CP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior
CP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior
CP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior
CP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior
CP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior

Solution
--------
ABB claims use of OpenSSL is unaffected, no statement for other Abyss web server:
- ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch
- ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch

Disclosure timeline
-------------------
04/02/2019 - Contacted ABB requesting disclosure coordination
05/02/2019 - Provided vulnerability details
05/06/2019 - Patch available
17/06/2019 - xen1thLabs public disclosure


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close