You are here

ABB Panel Builder 800 (ICSA-18-198-01) – Product Used in the Water and Wastewater and Energy Sectors

ABB Panel Builder 800 (ICSA-18-198-01) – Product Used in the Water and Wastewater and Energy Sectors

Created: Tuesday, July 17, 2018 - 15:44
Categories:
Cybersecurity

The NCCIC has released an advisory on an improper input validation vulnerability in ABB Panel Builder 800. All versions of this product are affected. An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the specially crafted file. ABB is currently investigating this vulnerability and recommends users follow a list of suggestions until a corrected version is available.The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.