ABB Ability Symphony Plus Engineering
Summary
ABB Ability Symphony Plus Engineering is affected by vulnerabilities in PostgreSQL versions 13.11 and earlier. Exploiting these vulnerabilities could allow an attacker to execute arbitrary code and compromise the entire system.
IFF Assessment
The identified vulnerabilities allow arbitrary code execution and system compromise, posing a significant risk to affected environments.
Severity
The CVSS score of 8.8 reflects a critical severity, indicating a high potential for impact from vulnerabilities such as integer overflow and SQL injection, which can lead to arbitrary code execution and system compromise.
Defender Context
This alert highlights critical vulnerabilities in industrial control systems (ICS) software, specifically within ABB's Symphony Plus Engineering. Defenders should prioritize patching or mitigating these issues in affected environments, especially within the Chemical, Critical Manufacturing, Energy, and Water and Wastewater sectors, due to the potential for system-wide compromise.