Our Researchers Discover Another Vulnerability 

As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities and attack techniques.

CVE-2020-24685 is a CVSS 8.6 (CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) remote CPU DoS vulnerability in all of ABB’s AC500 V2 products with onboard ethernet are affected by this vulnerability (with latest firmware v2.5.4) that has been discovered by SCADAfence researcher Yossi Reuven.

ABB is one of the world’s leading electronics and electrical equipment manufacturing companies (holding an overall share in the world DCS market of 19.2%), and is in use by many of our customers. 

About The Vulnerability – CVE-2020-24685

AC500 V2 Series is one of ABB’s PLC offerings – designed as a compact entry-level PLCs for small applications. AC500 V2’s communication with Automation Builder (Engineering software package) is done via ABB proprietary wrapper protocol encapsulation of CoDeSys SDE protocol (which works on both TCP and UDP). 

A single specially crafted packet sent by an attacker over the ABB protocol on port 1200 will cause a denial-of-service (DoS) vulnerability. The PLC’s CPU will get into fault mode, causing a hardware failure. The PLC then becomes unresponsive and requires a manual (physical) restart to recover. In addition, the buffer overflow condition may allow remote code execution.

What SCADAfence Recommends Asset Owners To Do

Perform an Industrial Vulnerability Management Process

Please refer to our guide on this topic: https://www.scadafence.com/public-preview-a-comprehensive-guide-to-industrial-device-patching/

Monitor for Unauthorized Network Activity and Exploitation

Some devices will always remain unpatched. Monitoring is an early warning system that allows you to act before attackers have gained full control over your network.

Upgrade to the Latest Firmware

ABB has developed a new firmware version 2.8.5 fixing this vulnerability. This firmware version is released for the following affected PLC types:
* PM573-ETH
* PM583-ETH

Currently no firmware update is available to other products in the AC500 V2 line. When ABB makes such a patch available, we recommend asset owners to consider upgrading.

Prevent Unauthorized and Untrusted Access

– Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.

– Use within a LAN and block access from untrusted networks and hosts through firewalls.

Special Thanks & Recognition

The SCADAfence Research team would like to thank the ABB team for the collaboration.

SCADAfence is committed to continued research of offensive technologies and development of new defensive technologies.

Exploit PoC

We wrote a Python POC (GPLv3) script of the exploit in action.

Currently, there’s no patch available. As a result, we limit the access to the exploit to vetted individuals only. The exploit is only available for educational and legal research purposes.

Warning: The script will crash the PLC’s CPU – do not use it in production.

To get this free python exploit, please send an email to research@scadafence.com, identify yourself and explain how you’re going to use the exploit. We reserve the right to refuse any request.

What a year.

What a year this has been to humanity, an epidemic has fundamentally changed the way we interact with one another, social distancing, lockdowns and restrictions in virtually everything we do. Covid-19 has changed the way we conduct business and shifted the way we secure our businesses.

Adversaries’ activities are at an all-time high, be it nation state actors or financially driven attackers. The ever-changing threat landscape is evolving faster than ever and OT networks and IoT devices are a core target for such malicious activities. Repeated attacks from threat actors sponsored by nation-states, such as the recent SolarWinds attack on Microsoft, FireEye, the US government, and around 18,000 other organizations, have prompted fears not only of significant physical damage and economic disruption but also of the increased possibility of all-out cyber warfare. You could describe the situation as an all-out war, only with no guns involved and not a single bullet shot.

In the midst of all of this, we felt that it is imperative to support the broader community and so with the outbreak of Coronavirus earlier this year, we offered all of our products for free for an initial term. And today, we are honored to protect some of the world’s largest organizations in manufacturing and critical infrastructure. In fact, the Japanese government publicly praised SCADAfence’s efforts to secure multiple Japanese organizations, completely free of charge.

Despite the Covid-19 pandemic and possibly because of the recent spike in attacks, our team at SCADAfence has managed to sustain our exponential growth and the continued scaling of our global footprint with rapid expansion in new markets, such as LATAM and APAC.

This rapid expansion can also be attributed to our technological advancements and innovation. Launching new features based on customers’ real needs, such as our User Activity Tracking, a feature that was built specifically for the new, work from home norm; and the SCADAfence Governance portal, which centrally monitors the adherence to industry standard and regulations.

One of the things we’ve always taken pride in is putting our customer’s needs as our top priority. To that end, SCADAfence has won 11 industry awards in 2020, more than all companies in the OT security industry combined – but that all pales in comparison to having the highest customer satisfaction rating on Gartner’s Peer Insights. Not to mention the feedback we’ve been receiving from our customers, here’s just one example:

 “SCADAfence has well exceeded all of our expectations in both service level and product quality. Their team has been extremely knowledgeable, customer-focused, and timely in all aspects of our interactions.”

Process Controls Engineer at a Fortune 100, O&G company.

There’s no doubt that 2020 has been a challenging year but also a year full of growth, dedication and grit. I’d like to thank our entire team for all their hard work, efforts and creativity. A big thank you to all of our partners and of course, our customers for choosing to work with us, it’s not a given and never will be.

If you’ve made it this far and even if you did not, I’d like wish you a great 2021!

Enjoy the holiday season and stay safe.

Happy new year!