Potential Vulnerabilities in ABB Products Could Lead to System Compromise

CVE-2024-8036

5.9MEDIUM

Key Information

Vendor: Abb
Status: Relion Protection Relays Re 611 Iec; Relion Protection Relays Ref615 Iec; Relion Protection Relays Ref615 Ansi; Relion Protection Relays Rex615
Vendor: CVE Published:; 25 October 2024

Summary

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.

Affected Version(s)

Relion Protection Relays RE_611 IEC <= 1.0.4

Relion Protection Relays RE_611 IEC <= 2.0.4

Relion Protection Relays REF615 IEC <= 1.2.0

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 10 to: 5.9 - (MEDIUM)
Oct 25, 2024
Vulnerability published.
Oct 25, 2024
Vulnerability Reserved.
Aug 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

ABB thanks Jos Wetzels from Midnight Blue (midnightblue.nl) for helping to identify the vulnerabilities and protecting our customers.