ABB System 800xA Information Manager Improper Neutralization of Input During Web Page Generation (CVE-2020-8477)

high Tenable OT Security Plugin ID 500929

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack against an authenticated local user, which might lead to execution of arbitrary code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

ABB’s recommendations:

- This vulnerability was corrected in the following versions of System 800xA:
  - 5.1 Rev E/5.1 FP4 E TC6: ABB recommends users on the 5.1 track to install this TC, which can be obtained from technical support upon request.
  - 6.0.3.3 RU1: ABB recommends users on the 6.0.3 LTS track to update to 6.0.3.3 and install RU1 for IM.
  - 6.1 RU1: ABB recommends users on the 6.1 track to update to this version.
- The above-mentioned updates are recommended regardless of whether the previously described manual removal of the vulnerable component has been done or not. The IM rollups for 6.0.3.3 and 6.1 can be downloaded from My ABB/My Control System.
- Please note this vulnerability can be exploited by remote and unauthenticated users, so users are recommended to ensure only authorized persons have access to plant assets and network and that web browsing from system nodes to external networks is restricted, especially from an IM node.
- Check that the usage of the Access Enable key in AC 800M HI and the configured access level of SIL variables correspond to the risk analysis.

Successful exploitation of this vulnerability requires luring a user to a malicious website. Recommended baseline security practices and firewall configurations can help protect a network and its attached devices from attacks that originate from outside the network.

For example, common practices are for process control systems to be physically protected from direct access by unauthorized personnel, to have no direct connections to the Internet, and to be separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that must be evaluated case by case.

Process control and automation systems should not be used for general business functions (e.g., Internet browsing, email, etc.) that are not critical industrial processes. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system with a minimal number of ports exposed.
For more information please refer to ABB’s Cybersecurity Advisory.

See Also

http://www.nessus.org/u?9606af1f

https://www.cisa.gov/news-events/ics-advisories/icsa-20-184-02

Plugin Details

Severity: High

ID: 500929

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 3/29/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-8477

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:abb:800xa_information_manager:5.1, cpe:/a:abb:800xa_information_manager, cpe:/a:abb:800xa_information_manager:6.1

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 4/22/2020

Vulnerability Publication Date: 4/22/2020

Reference Information

CVE: CVE-2020-8477

CWE: 79

ICSA: 20-184-02