ABB AC500 V2
Summary
ABB has disclosed vulnerabilities in its AC500 V2 industrial control system. Exploiting these flaws could allow an attacker to access fragments of previously sent Modbus telegrams. The affected versions are AC500 V2 <=2.5.2 and 2.5.3, with a fix available in firmware version 2.5.3 and later.
IFF Assessment
The vulnerability allows unauthorized access to sensitive information within the Modbus communication, which can be a precursor to further attacks on critical infrastructure.
Severity
The CVSS score of 5.8 (MEDIUM) is based on the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N. This indicates a network attack vector with low complexity, no required privileges or user interaction, and a scope change that impacts confidentiality. The primary impact is limited to confidential data disclosure.
Defender Context
This vulnerability impacts critical infrastructure sectors such as manufacturing, energy, and water, highlighting the need for diligent patching and monitoring of operational technology (OT) systems. Defenders should prioritize updating ABB AC500 V2 devices to the latest firmware and ensure robust network segmentation to limit the potential impact of such vulnerabilities.