ABB Freelance Security Lock

Summary

CISA has issued an alert regarding a vulnerability in ABB Freelance Security Lock, affecting multiple versions of ABB System Version Freelance. Successful exploitation of this authentication bypass could allow attackers to gain access to underlying operating system functions, even when Freelance Operations is active, by bypassing the security lock via undocumented or special key combinations.

IFF Assessment

FOE

This alert describes a vulnerability that allows an attacker to bypass security measures in critical industrial control systems, posing a significant risk to defenders.

Severity

6.6 Medium

The vulnerability is assigned a CVSS v3 score of 6.6, which falls in the Medium severity band. The score reflects that an attacker can bypass the security lock to gain access to the underlying operating system, which could lead to unauthorized control or disruption of industrial processes.

Defender Context

Defenders in critical manufacturing and industrial control system (ICS) environments must prioritize patching and mitigating this vulnerability. Unauthorized access to the underlying OS can lead to severe operational disruptions, data manipulation, or physical damage. Organizations should review system configurations and user permissions, implement strict access controls to reduce the attack surface, and monitor for unusual activity related to keyboard inputs or OS access attempts.
