ABB PCM600
Summary
ABB PCM600 versions 1.5 through 2.13 are affected by a path traversal vulnerability (CVE-2018-1002208) in the SharpZip.dll component. Successful exploitation allows an attacker to send specially crafted messages to the system node, potentially leading to arbitrary code execution.
IFF Assessment
This vulnerability allows for arbitrary code execution, which is a critical security risk for industrial control systems.
Severity
The CVSS v3 score is estimated at 8.8 (High) because the vulnerability allows for arbitrary code execution (High Impact) and can be exploited remotely (Attack Vector: Network). The complexity is low, and it does not require privileges or user interaction, making it highly exploitable.
Defender Context
This vulnerability in ABB PCM600 poses a significant risk to critical manufacturing infrastructure. Defenders should prioritize upgrading affected installations to version 2.14 or, where older versions must be kept for specific compatible hardware, implement the system-level defenses outlined in the advisory. Monitoring for unusual network traffic targeting the system node is crucial.
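
CVE-2018-1002208, the path traversal named in the Summary, is publicly described for SharpZipLib as an archive entry name that resolves outside the extraction directory. The following added example (not code from the ABB advisory or the SharpZipLib project) is a defender-side check that lists such entries in a zip file before it reaches an extractor. The function names and the sample archive are constructed for illustration.

```python
import io
import ntpath
import posixpath
import zipfile


def entry_escapes(name: str) -> bool:
    """Return True if an archive entry name would resolve outside the extraction root."""
    # Windows extractors treat both "\" and "/" as separators, so unify them first.
    unified = name.replace("\\", "/")
    # Absolute paths, UNC paths and drive-letter prefixes ignore the root entirely.
    if unified.startswith("/") or ntpath.splitdrive(name)[0]:
        return True
    # Collapse "." and ".." segments; a leading ".." that survives means escape.
    normalized = posixpath.normpath(unified)
    return normalized == ".." or normalized.startswith("../")


def audit_archive(data: bytes) -> list[str]:
    """List the entry names in a zip archive that fail the containment check."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if entry_escapes(i.filename)]


def build_sample() -> bytes:
    """Constructed sample archive for the demonstration (not from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/station.xml", "<ok/>")
        zf.writestr("config/../notes.txt", "stays inside the root")
        zf.writestr("../../outside.txt", "escapes the root")
        zf.writestr("logs/../../outside2.txt", "escapes after normalisation")
    return buf.getvalue()


if __name__ == "__main__":
    for rejected in audit_archive(build_sample()):
        print("rejected entry:", rejected)
```

The check is deliberately conservative: any entry with a drive prefix or leading separator is rejected even if it would land inside the root on a given host.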