Potential Vulnerabilities in ABB Products Could Lead to System Compromise
CVE-2024-8036

5.9MEDIUM

Key Information:

Vendor: Abb
Status: Relion Protection Relays Re 611 Iec; Relion Protection Relays Ref615 Iec; Relion Protection Relays Ref615 Ansi; Relion Protection Relays Rex615
Vendor: CVE Published:; 25 October 2024

Summary

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.

Affected Version(s)

620 Series IEC/CN 2.0.0 <= 2.0.13

620 Series IEC/CN 2.1.0 <= 2.1.16

ARG600/ARP600 dual SIM 2.x.x <= 3.4.13

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Aug 20, 2024

Credit

ABB thanks Jos Wetzels from Midnight Blue (midnightblue.nl) for helping to identify the vulnerabilities and protecting our customers.