ABB Relion 650 and 670 Series Improper Input Validation (CVE-2019-18247)

high Tenable OT Security Plugin ID 500358

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

ABB recommends that users apply the following or later versions at the earliest convenience:

- Relion 650 series version 1.3.0.6
- Relion 670 series version 1.2.3.19
- Relion 670 series version 2.0.0.12
- Relion 670 series version 2.1.0.2

Updates can be ordered by email at: [email protected]

ABB also recommends that these and other proper security practices and firewall configurations be implemented to help protect a process control network from attacks originating outside the network:

- Process control systems are physically protected from direct access by unauthorized personnel.
- Process control systems have no direct connections to the Internet.
- Process control systems are separated from other networks by means of a firewall system that has a minimal number of ports/services exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

More information on recommended practices can be found in the ABB Cybersecurity Deployment Guidelines for each product version.

ABB has not identified any workaround; however, firewall rules could be set to block incoming traffic to Port 7001/TCP that originate from outside the network.

In the Relion 650 series Version 1.3, the SPA protocol over TCP/IP could be disabled if it is not in use.

For more information, see the ABB Cybersecurity Advisory 1MRG027165

See Also

https://www.us-cert.gov/ics/advisories/icsa-19-330-02

Plugin Details

Severity: High

ID: 500358

Version: 1.8

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-18247

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:hitachienergy:relion_650_firmware, cpe:/o:hitachienergy:relion_670_firmware:1, cpe:/o:hitachienergy:relion_670_firmware:2

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 11/27/2019

Vulnerability Publication Date: 11/27/2019

Reference Information

CVE: CVE-2019-18247

CWE: 20

ICSA: 19-330-02