Detections
Analytics
ABB 800xA CSLib communication Denial of Service (CVE-2024-3036)
medium Tenable OT Security Plugin ID 502357
Synopsis
The remote OT asset is affected by a vulnerability.Description
Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through 6.1.1-2.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.ABB recommends updating to an active product version to obtain the latest corrections. The problem is or will be corrected in the following product versions:
- ABB 800xA Base 6.2.0-0 (part of System 800xA 6.2.0.0)
- ABB 800xA Base 6.1.1-3 (part of System 800xA 6.1.1.2)
- ABB 800xA Base 6.0.3-x (included in next revision)
For more information, please refer to ABB's Cybersecurity Advisory 7PAA013309.
See Also
http://www.nessus.org/u?db120e9c
https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-01
Plugin Details
Severity: Medium
ID: 502357
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 8/8/2024
Updated: 8/8/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v3
Risk Factor: Medium
Base Score: 5.7
Temporal Score: 5.1
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:abb:800xa_base_system:6.1.x, cpe:/a:abb:800xa_base_system:6.0.x
Required KB Items: Tenable.ot/ABB
Exploit Ease: No known exploits are available
Patch Publication Date: 6/19/2020
Vulnerability Publication Date: 6/14/2024
Reference Information
CVE: CVE-2024-3036
CWE: 20