7PAA012159
Vulnerability from csaf_abb - Published: 2025-02-10 00:30 - Updated: 2025-02-10 00:30
Summary
System 800xA 5.1.x, 6.0.3.x, 6.1.1.x, 6.2.x - VideONet Camera passwords stored in clear text
Notes
Summary
ABB is aware of a vulnerability related to the VideONet product. The vulnerability is applicable in the System 800xA versions listed as affected in the advisory, where the VideONet product is used. There will be no update/resolution of this vulnerability in System 800xA. Instead, the strategy for ABB is to offer existing customers using VideONet a transfer to a new product, Camera Connect. This will be offered as soon as Camera Connect is available as a product.
An attacker who successfully exploited the vulnerability could, in the worst-case scenario, stop or manipulate the video feed.
There is no impact to other Operator station functions (graphics, trends, faceplates, etc.) and Control operations are not impacted at all.
General security recommendations
Control systems and the control network are exposed to cyber threats. In order to minimize these risks, the protective measures and best practices listed below are available in addition to other measures. ABB strongly recommends system integrators and asset owners to implement the measures they consider appropriate for their control system environment:
– Place control systems in a dedicated control network containing control systems only.
– Locate control networks and systems behind firewalls and separate them from any other networks like business networks and the Internet.
– Block any inbound Internet traffic destined for the control networks/systems. Place remote access systems used for remote control system access outside the control network.
– Limit outbound Internet traffic originating from control systems/networks as much as possible. If control systems must talk to the Internet, tailor firewall rules to required resources: allow only source IPs, destination IPs and services/destination ports which control systems definitely need to use for normal control operation.
– If Internet access is required on occasion only, disable relevant firewall rules and enable them during the time window of required Internet access only. If supported by your firewall, define an expiry date and time for such rules; after the expiry date and time, the firewall will disable the rule automatically.
– Limit exposure of control networks/systems to internal systems. Tailor firewall rules allowing traffic from internal systems to control networks/systems to allow only source IPs, destination IPs and services/destination ports which are definitely required for normal control operation.
– Create strict firewall rules to filter malicious network traffic targeting control systems ("exploit traffic"). Exploit traffic may use network communication features like source routing, IP fragmentation and/or IP tunneling. If such features are not required for normal control operation, block them on your firewall.
– If supported by your firewall, apply additional filters to allowed traffic which provide protection for control networks/systems. Such filters are provided by advanced firewall features like Application Control and Anti-Virus.
– Use Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) to detect/block control system specific exploit traffic. Consider using IPS rules protecting against control system exploits.
– When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Please ensure that VPN solutions are updated to the most current version available.
– In case you want to filter internal control network traffic, consider using solutions supporting Intra-LAN traffic control like VLAN access control lists.
– Harden your control systems by enabling only the ports, services and software required for normal control operation. Disable all other ports and disable/uninstall all other services and software.
– If possible, limit the permissions of user accounts, software processes and devices to the permissions required for normal control operation.
– Use trusted, patched software and malware protection solutions. Interact with trusted websites and trusted email attachments only.
– Ensure all nodes are always up to date in terms of installed software, operating system and firmware patches as well as anti-virus and firewall.
– Protect control systems from physical access by unauthorized personnel, e.g. by placing them in locked switch cabinets.
More information on recommended practices can be found in the reference section (3BSE034463D6200).
Support
For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.
Information about ABB's cyber security program and capabilities can be found at www.abb.com/cybersecurity
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.
ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.
This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
All rights to registrations and trademarks reside with their respective owners.
Workarounds
The only possible workaround is to secure and protect the network where VideONet is running and the VideONet Server from unauthorized access.
The workaround will not correct the underlying vulnerability, but it helps block known attack vectors. Refer to section “General security recommendations” for further advice on how to keep your system secure.
Mitigating factors
Follow the guidelines in the System 800xA VideONet Connect user documentation (2PAA109407*) to secure and protect the installation of, and the network where VideONet is running.
Refer to section “General security recommendations” for further advice on how to keep your system secure.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "\u00a9 Copyright 2024 ABB. All rights reserved.",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ABB is aware of a vulnerability related to the VideONet product. The vulnerability is applicable in the System 800xA versions listed as affected in the advisory, where the VideONet product is used. There will be no update/resolution of this vulnerability in System 800xA. Instead, the strategy for ABB is to offer existing customers using VideONet a transfer to a new product, Camera Connect. This will be offered as soon as Camera Connect is available as a product.\nAn attacker who successfully exploited the vulnerability could, in the worst-case scenario, stop or manipulate the video feed.\nThere is no impact to other Operator station functions (graphics, trends, faceplates, etc.) and Control operations are not impacted at all.",
"title": "Summary"
},
{
"category": "other",
"text": "Control systems and the control network are exposed to cyber threats. In order to minimize these risks, the protective measures and best practices listed below are available in addition to other measures. ABB strongly recommends system integrators and asset owners to implement the measures they consider appropriate for their control system environment:\n\n\n\u2013\tPlace control systems in a dedicated control network containing control systems only.\n\n\n\u2013\tLocate control networks and systems behind firewalls and separate them from any other networks like business networks and the Internet.\n\n\n\u2013\tBlock any inbound Internet traffic destined for the control networks/systems. Place remote access systems used for remote control system access outside the control network.\n\n\n\u2013\tLimit outbound Internet traffic originating from control systems/networks as much as possible. If control systems must talk to the Internet, tailor firewall rules to required resources allow only source IPs, destination IPs and services/destination ports which control systems definitely need to use for normal control operation.\n\n\n\u2013\tIf Internet access is required on occasion only, disable relevant firewall rules and enable them during the time window of required Internet access only. If supported by your firewall, define an expiry date and time for such rules after the expiry date and time, the firewall will disable the rule automatically.\n\n\n\u2013\tLimit exposure of control networks/systems to internal systems. Tailor firewall rules allowing traffic from internal systems to control networks/systems to allow only source IPs, destination IPs and services/destination ports which are definitely required for normal control operation.\n\n\n\u2013\tCreate strict firewall rules to filter malicious network traffic targeting control system (\"exploit traffic\"). Exploit traffic may use network communication features like source routing, IP fragmentation and/or IP tunneling. If such features are not required for normal control operation, block them on your firewall.\n\n\n\u2013\tIf supported by your firewall, apply additional filters to allowed traffic which provide protection for control networks/systems. Such filters are provided by advanced firewall features like Application Control and Anti-Virus.\n\n\n\u2013\tUse Intrusion Detection Systems (IDS) or Intrusion Preventions Systems (IPS) to detect/block control system specific exploit traffic. Consider using IPS rules protecting against control system exploits.\n\n\n\u2013\tWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Please ensure that VPN solutions are updated to the most current version available.\n\n\n\u2013\tIn case you want to filter internal control network traffic, consider using solutions supporting Intra-LAN traffic control like VLAN access control lists.\n\n\n\u2013\tHarden your control systems by enabling only the ports, services and software required for normal control operation. Disable all other ports and disable/uninstall all other services and software.\n\n\n\u2013\tIf possible, limit the permissions of user accounts, software processes and devices to the permissions required for normal control operation.\n\n\n\u2013\tUse trusted, patched software and malware protection solutions. Interact with trusted websites and trusted email attachments only.\n\n\n\u2013\tEnsure all nodes are always up to date in terms of installed software, operating system and firmware patches as well as anti-virus and firewall.\n\n\n\u2013\tProtect control systems from physical access by unauthorized personnel e.g. by placing them in locked switch cabinets.\n\nMore information on recommended practices can be found in the reference section (3BSE034463D6200).\n",
"title": "General security recommendations"
},
{
"category": "other",
"text": "For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.\nInformation about ABB\u0027s cyber security program and capabilities can be found at www.abb.com/cybersecurity\n",
"title": "Support"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.\nABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.\nThis document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\nAll rights to registrations and trademarks reside with their respective owners.\n",
"title": "Notice"
},
{
"category": "general",
"text": "The only possible workaround is to secure and protect the network where VideONet is running and the VideONet Server from unauthorized access.\nThe workaround will not correct the underlying vulnerability, but it helps blocking known attack vectors. Refer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
"title": "Workarounds"
},
{
"category": "general",
"text": "Follow the guidelines in the System 800xA VideONet Connect user documentation (2PAA109407*) to secure and protect the installation of, and the network where VideONet is running.\nRefer to section \u201cGeneral security recommendations\u201d for further advice on how to keep your system secure.\n",
"title": "Mitigating factors"
}
],
"publisher": {
"category": "vendor",
"name": "ABB PSIRT",
"namespace": "https://global.abb/group/en/technology/cyber-security/alerts-and-notifications"
},
"references": [
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - PDF version ",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"summary": "System 800xA 6.2 Reference - Network Configuration (3BSE034463D6200)",
"url": "http://search.abb.com/library/Download.aspx?DocumentID=3BSE034463D6200\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"summary": "System 800xA 6.2 Operations \u2013 VideONet Connect (2PAA109407D6200)",
"url": "http://search.abb.com/library/Download.aspx?DocumentID=2PAA109407D6200\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "self",
"summary": "ABB CYBERSECURITY ADVISORY - CSAF version ",
"url": "https://psirt.abb.com/csaf/2025/7paa012159.json"
}
],
"title": "System 800xA 5.1.x, 6.0.3.x, 6.1.1.x, 6.2.x - VideONet Camera passwords stored in clear text",
"tracking": {
"current_release_date": "2025-02-10T00:30:00.000Z",
"generator": {
"date": "2025-09-23T17:01:19.008Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.35"
}
},
"id": "7PAA012159",
"initial_release_date": "2025-02-10T00:30:00.000Z",
"revision_history": [
{
"date": "2025-02-10T00:30:00.000Z",
"legacy_version": "A",
"number": "1",
"summary": "Initial version. "
},
{
"date": "2025-02-10T00:30:00.000Z",
"legacy_version": "B",
"number": "2",
"summary": "There were some minor corrections"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "6.0.3.*",
"product": {
"name": "System 800xA6.0.3.x",
"product_id": "AV2"
}
},
{
"category": "product_version_range",
"name": "6.1.1.*",
"product": {
"name": "System 800xA 6.1.1.x",
"product_id": "AV3"
}
},
{
"category": "product_version_range",
"name": "6.2.*",
"product": {
"name": "System 800xA 6.2.x",
"product_id": "AV4"
}
},
{
"category": "product_version_range",
"name": "5.1.*",
"product": {
"name": "System 800xA 5.1.x",
"product_id": "AV1"
}
}
],
"category": "product_name",
"name": "System 800xA "
}
],
"category": "vendor",
"name": "ABB"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10334",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "description",
"text": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited this vulnerability could retrieve the login credentials for all cameras and manipulate or stop the video feed.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"AV1",
"AV2",
"AV3",
"AV4"
]
},
"references": [
{
"category": "external",
"summary": "NVD - CVE-2024-10334",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10334"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "ABB recommends following the guidelines described in the System 800xA VideONet Connect user documentation (2PAA109407*). The user documentation explains how to protect the network on which cameras are connected from unauthorized access and the recommended deployment. Similarly, it is important to protect the VideONet Server from unauthorized access.\nThere will be no update for VideONet in System 800xA. Instead, the recommendation is to transfer to the new product, Camera Connect, as soon as it becomes available. Camera Connect is expected to be released in the first half of 2025. Customers may proactively reach out to their ABB contact in case they would like to receive further information about the new Camera Connect solution.\nEnsure that the camera user accounts used by System 800xA only have the minimum level of permission needed to perform the required task, e.g. do not use an administrator or superuser account. This limits the potential damage from a leaked password.\n",
"product_ids": [
"AV1",
"AV2",
"AV3",
"AV4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.2,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNKNOWN",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H/E:U/RL:U/RC:U",
"version": "3.1"
},
"products": [
"AV1",
"AV2",
"AV3",
"AV4"
]
}
],
"title": "CVE-2024-10334"
}
]
}