ABB System 800xA, Symphony Plus IEC 61850
Summary
This article details a vulnerability in ABB's IEC 61850 communication stack for MMS client applications, affecting specific versions of System 800xA and Symphony Plus products. Exploiting this vulnerability can cause device faults requiring manual restarts or denial-of-service for the IEC 61850 communication function on S+ Operations nodes.
IFF Assessment
The vulnerability allows an attacker to cause device faults or denial-of-service in critical industrial control systems, negatively impacting operational availability.
Severity
The CVSS score of 6.5 indicates a moderate severity vulnerability, stemming from improper input validation which can lead to device faults or DoS when triggered by a specially crafted network packet.
Defender Context
Defenders in critical infrastructure sectors like chemical, manufacturing, and energy should pay close attention to this vulnerability. Prompt patching or implementing network segmentation to isolate affected ABB systems is crucial to prevent potential operational disruptions.