February 15, 2018

ICS-CERT has updated this advisory with additional information on mitigation details. This advisory was originally released on November 14, 2017. ICS-CERT.

November 14, 2017

ICS-CERT has released an advisory on an ABB TropOS  vulnerability. ABB reports that the key reinstallation attacks (KRACK) potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior. Successful exploitation of these vulnerabilities could allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. ABB is working on remedial actions for all affected products and will provide an update when firmware, including remedial measures, is available. In the meantime, ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. ICS-CERT.