QID 591369

Date Published: 2023-04-03

QID 591369: ABB CI845 WindRiver VxWorks IPNet Multiple Vulnerabilities (ABBVU-IACT- 800xAIOE-OL-1000-10017)

AFFECTED PRODUCTS
CI845 with versions: 1.0.1.0 (included in System 800xA6.1)

QID Detection Logic:
This QID checks for the Vulnerable version of ABB CI845 using passive scanning.

An attacker who successfully exploited this vulnerability could disrupt ongoing communication or block new communication on the Ethernet Network. The attacker might also be able to execute code remotely on CI845 and by this means attack the integrity of the module. Furthermore, before full disruption of communication, an attacker might cause unexpected behavior of Ethernet communication by assigning additional and colliding IP addresses to affected CI845 modules.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
    • Solution

    Customers are advised to refer to CERT MITIGATIONS section ABBVU-IACT- 800xAIOE-OL-1000- 10017 for affected packages and patching details.

    Vendor References

    CVEs related to QID 591369

    CVE-2019-12256 | CVE-2019-12262 |
    Software Advisories
    Advisory ID Software Component Link
    ABBVU-IACT- 800xAIOE-OL-1000- 10017 URL Logo library.e.abb.com/public/fd7aea6ffbcd4a7ca07492a5a2d358cc/2PAA120777_B_en_SECURITY%20WindRiver%20VxWorks%20IPNet%20Vulnerabilities%20impact%20on%20CI845.pdf
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].