ABB Automation Builder Gateway for Windows
Summary
ABB Automation Builder Gateway for Windows versions prior to 2.9.0 contain a severe vulnerability that allows unauthenticated attackers to scan for PLCs and, if user management is disabled, potentially access them. The gateway is accessible remotely by default, posing a risk to critical infrastructure sectors like chemical, manufacturing, and energy.
IFF Assessment
This vulnerability allows unauthenticated attackers to scan for and potentially gain access to industrial control systems, representing a significant threat to operational security.
Severity
The CVSS score of 5.3 corresponds to 'Medium' severity; the underlying weakness is 'Initialization of a Resource with an Insecure Default'. Remote access is possible by default, but the impact is limited by PLC user management, which can prevent actual access unless it is disabled.
Defender Context
This vulnerability highlights the importance of securing default configurations, especially in Industrial Control Systems (ICS). Defenders should verify that remote access to the ABB Automation Builder Gateway is disabled if not strictly necessary and ensure that PLC user management is robustly configured and enforced to prevent unauthorized access.
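One way to run the check recommended above, as an added example (not ABB tooling and not code from this advisory): it flags a gateway version prior to 2.9.0 and any gateway listener bound to a non-loopback address in `netstat -ano` output. The port number and the sample netstat text are constructed placeholders; the page does not state which port the gateway uses.

```python
import re

FIXED_VERSION = (2, 9, 0)          # from the advisory: versions prior to 2.9.0 are affected
LOOPBACK = {"127.0.0.1", "::1"}    # listeners bound here are not reachable remotely
GATEWAY_PORT = 50000               # PLACEHOLDER: use the port your gateway is configured with

def is_affected(version: str) -> bool:
    """True if a dotted version string is older than 2.9.0."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))        # "2.9" is treated as 2.9.0
    return parts < FIXED_VERSION

def exposed_listeners(netstat_text: str, port: int) -> list:
    """Local endpoints listening on `port` that are bound beyond loopback."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # netstat -ano rows: Proto, Local Address, Foreign Address, State, PID
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, local_port = fields[1].rpartition(":")
        if int(local_port) == port and addr.strip("[]") not in LOOPBACK:
            exposed.append(fields[1])
    return exposed

def audit(version: str, netstat_text: str, port: int) -> list:
    """Collect findings for one host: affected version and remote exposure."""
    findings = []
    if is_affected(version):
        findings.append(f"gateway version {version} is prior to 2.9.0")
    for endpoint in exposed_listeners(netstat_text, port):
        findings.append(f"gateway port is reachable remotely via {endpoint}")
    return findings

# Constructed sample of `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING       4312
  TCP    [::]:50000             [::]:0                 LISTENING       4312
  TCP    192.168.10.5:49822     192.168.10.20:50000    ESTABLISHED     4312
"""

if __name__ == "__main__":
    for finding in audit("2.8.5", SAMPLE_NETSTAT, GATEWAY_PORT):
        print("FINDING:", finding)
```

The listener check only inspects the bind address; a host firewall rule may still block the port, and PLC user management has to be verified separately on each PLC.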