9AKK108470A8948

Vulnerability from csaf_abb - Published: 2025-05-29 00:30 - Updated: 2025-06-05 00:30
Summary
ELSB/Home Solutions Outdated SW Components in ABB Welcome IP-Gateway.

Notes

Summary
ABB became aware of vulnerabilities in IPGW product versions listed as affected in the advisory. An attacker who successfully exploits these vulnerabilities could potentially gain unauthorized access and potentially compromise the system's - and log-file - confidentiality, integrity and availability.

ABB requires that the IP-address of an IPGW should not be accessible from the Internet or any other network considered insecure. The communication between IPGW and the associated Internet Service shall be outbound-initiated, bi-directional. Any unsolicited inbound connection shall be discarded. A common way to ensure this best practice is to operate IPGW behind a firewall.

Researchers have reported 2518 CVEs to ABB which were identified using an automated scanning tool in a local network. ABB has analyzed these CVEs carefully and came to the following result:

2074 - CVEs not impacting IPGW because they belong to SW components inside the IPGW-Firmware-Image that are not supported by the IPGW as a product, e.g. IPGW does not support: Display, USB-port, Keyboard, etc.

7 - High Severity CVEs that belong to SW components integrated in IPGW-firmware-image. These CVEs are considered to have a high severity because there are proof of concept (PoC) descriptions available. For cases that are not fixed, ABB was not able to find an appropriate solution.

34 - Medium CVEs that belong to SW components integrated in IPGW-firmware-image. ABB defines a medium severity for CVEs where there is no PoC available describing how to exploit such CVE and where the CVE belongs to a SW-Component as part of the IPGW-firmware-image, that is frequently used. For cases that are not fixed, ABB was not able to find an appropriate solution.

403 - Low severity CVEs that belong to SW components integrated in IPGW-firmware-image. ABB defines a low severity for CVEs where there is no PoC available describing how to exploit such CVE and where criticality is seen low. ABB will monitor these CVEs internally.
General security recommendations
For any installation of software-related ABB products and especially for products in scope of the IPGW product line, we strongly recommend the following (non-exhaustive) list of cyber security practices:
• Ensure that all IPGW products are upgraded to the latest firmware version. Please find the latest version of IPGW firmware on the respective product homepage.
• Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks) wherever possible.
• Install physical controls to prevent unauthorized personnel from accessing your devices, components, peripheral equipment, and networks.
• Never connect programming software or computers containing programming software to any network other than the network for the devices that it is intended for.
• Scan all data imported into your environment before use to detect potential malware infections.
• Minimize network exposure for all IPGW ports and endpoints to ensure that they are not accessible directly from the Internet.
• Ensure all nodes of your internal network are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.
• Authorized users shall change all default credentials during commissioning of an IPGW system. If credentials have not been changed during commission state, ABB advises to change each changeable credential at the earliest.
• Please note: Remote access is supported exclusively by using ABB services such as my.busch-jaeger.de or mybuildings.abb.com. Other means of remote access violate the ABB specification of compliant product operation and the intended use of the product.
Support
For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters. Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.
Mitigating factors
The vulnerabilities reported in scope of this document are only exploitable if attackers can access the network segment where IPGW is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect customers' networks:
• Remote access is supported exclusively by using ABB services such as my.busch-jaeger.de or mybuildings.abb.com. Other means of remote access violate the ABB specification of compliant product operation and the intended use of the product.
• IPGW devices should never be exposed directly to the Internet, either via a direct ISP connection or via NAT port forwarding.
• Authorized users shall change all default credentials during commissioning of an IPGW system. If credentials have not been changed during commission state, ABB advises to change each changeable credential at the earliest.
• Ensure that all IPGW products are upgraded to the latest firmware version. Please find the latest version of IPGW firmware on the respective product homepage.
Workarounds
Using the IPGW exclusively within the local network is also possible. In this case no Internet service is required at all. The IPGW’s IP-address must be protected against access over the Internet or other networks considered unsecure, by means of a firewall, NAT Router or similar.

NOTE: Remote access is supported exclusively by using ABB services such as my.busch-jaeger.de or mybuildings.abb.com. Other means of remote access violate the ABB specification of compliant product operation and the intended use of the product.

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Tobias Plagge"
        ],
        "organization": "it-design.online",
        "summary": "reporting the vulnerabilities in responsible disclosure. "
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "\u00a9 Copyright 2025 ABB. All rights reserved.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "ABB became aware of vulnerabilities in IPGW product versions listed as affected in the advisory. An attacker who successfully exploits these vulnerabilities could potentially gain unauthorized access and potentially compromise the system\u0027s - and log-file - confidentiality, integrity and availability. \nABB requires that the IP-address of an IPGW should not be accessible from the Internet  or any other network considered insecure. The communication between IPGW and the associated Internet Service shall be outbound-initiated, bi-directional. Any unsolicited inbound connection shall be discarded. A common way to ensure this best practice is to operate IPGW behind a firewall.  \nResearchers have reported 2518 CVEs to ABB which were identified using an automated scanning tool in a local network. ABB has analyzed these CVEs carefully and came to the following result:\n\n2074 - CVE\u0027s not impacting IPGW because it belongs to SW components inside the IPGW-Firmware-Image, that are not supported by the IPGW as a product, e.g. IPGW does not support: Display, USB-port, Keyboard, etc.\n\n7 - High Severity CVEs that belong to SW components integrated in IPGW-firmware-image.  These CVE\u2019s are considered to have a high severity because there are proof of concept (PoC) descriptions available. \nFor cases that are not fixed, ABB was not able to find an appropriate solution. \n\n34 - Medium CVEs that belong to SW components integrated in IPGW-firmware-image.  ABB defines a medium severity for CVE\u2019s where there is no PoC available describing how to exploit such CVE and where the CVE belongs to a SW-Component as part of the IPGW-firmware-image, that is frequently used. For cases that are not fixed, ABB was not able to find an appropriate solution.\n\n403 - Low severity CVEs that belong to SW components integrated in IPGW-firmware-image. 
ABB defines a low severity for CVE\u2019s where there is no PoC available describing how to exploit such CVE and where criticality is seen low. ABB will monitor these CVE\u2019s internally\n",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "For any installation of software-related ABB products and especially for products in scope of the IPGW product line, we strongly recommend the following (non-exhaustive) list of cyber security practices:\n\u2022\tEnsure that all IPGW products are upgraded to the latest firmware version. Please find the latest version of IPGW firmware on the respective product homepage.\n\u2022\tIsolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks) wherever possible.\n\u2022\tInstall physical controls to prevent unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n\u2022\tNever connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n\u2022\tScan all data imported into your environment before use to detect potential malware infections.\n\u2022\tMinimize network exposure for all IPGW ports and endpoints to ensure that they are not accessible directly from the Internet.\n\u2022\tEnsure all nodes of your internal network are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n\u2022\tAuthorized users shall change all default credentials during commissioning of an IPGW system. If credentials have not been changed during commission state, ABB advises to change each changeable credential at the earliest.\n\u2022\tPlease note: Remote access is supported exclusively by using ABB services such as my.busch-jaeger.de or mybuildings.abb.com. Other means of remote access violate the ABB specification of compliant product operation and the intended use of the product.\n",
        "title": "General security recommendations"
      },
      {
        "category": "other",
        "text": "For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity\n\n",
        "title": "Support"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.\nABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages.\nThis document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\nAll rights to registrations and trademarks reside with their respective owners.\n",
        "title": "Notice"
      },
      {
        "category": "general",
        "text": "The vulnerabilities reported in scope of this document are only exploitable if attackers can access the network segment where IPGW is installed and exposed directly to the internet. ABB therefore recommends the following guidelines in order to protect customers networks:\n\u2022\tRemote access is supported exclusively by using ABB services such as my.busch-jaeger.de or mybuildings.abb.com. Other means of remote access violate the ABB specification of compliant product operation and the intended use of the product\n\u2022\tIPGW devices should never be exposed directly to the Internet either via a direct ISP connection nor via NAT port forwarding \n\u2022\tAuthorized users shall change all default credentials during commissioning of an IPGW system. If credentials have not been changed during commission state, ABB advises to change each changeable credential at the earliest\n\u2022\tEnsure that all IPGW products are upgraded to the latest firmware version. Please find the latest version of IPGW firmware on the respective product homepage\n",
        "title": "Mitigating factors"
      },
      {
        "category": "general",
        "text": "Using the IPGW exclusively within the local Network is also possible. In this case no Internet service is required at all. The IPGW\u2019s IP-address must be protected against access over the Internet or other networks considered unsecure, by means of a firewall, NAT Router or similar.\nNOTE: Remote access is supported exclusively by using ABB services such as my.busch-jaeger.de or mybuildings.abb.com. Other means of remote access violate the ABB specification of compliant product operation and the intended use of the product\n",
        "title": "Workarounds"
      }
    ],
    "publisher": {
      "category": "vendor",
      "name": "ABB PSIRT",
      "namespace": "https://global.abb/group/en/technology/cyber-security/alerts-and-notifications"
    },
    "references": [
      {
        "category": "self",
        "summary": "ABB CYBERSECURITY ADVISORY - PDF version ",
        "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A8948\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
      },
      {
        "category": "self",
        "summary": "ABB CYBERSECURITY ADVISORY - CSAF version ",
        "url": "https://psirt.abb.com/csaf/2025/9akk108470a8948.json"
      }
    ],
    "title": "ELSB/Home Solutions Outdated SW Components in ABB Welcome IP-Gateway.",
    "tracking": {
      "current_release_date": "2025-06-05T00:30:00.000Z",
      "generator": {
        "date": "2025-09-23T13:37:31.002Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.35"
        }
      },
      "id": "9AKK108470A8948",
      "initial_release_date": "2025-05-29T00:30:00.000Z",
      "revision_history": [
        {
          "date": "2025-04-11T08:30:00.000Z",
          "legacy_version": "A",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-06-05T00:30:00.000Z",
          "legacy_version": "B",
          "number": "2",
          "summary": "Version update"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=6.20",
                "product": {
                  "name": "Welcome IP-Gateway Firmware Version \u003c= 6.20",
                  "product_id": "AV1"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.20",
                "product": {
                  "name": "Welcome IP-Gateway MDRC  Firmware Version \u003c= 6.20",
                  "product_id": "AV2"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=6.20",
                "product": {
                  "name": "Welcome IP-Gateway Welcome M  Firmware Version \u003c= 6.20",
                  "product_id": "AV3"
                }
              },
              {
                "category": "product_version",
                "name": "6.25",
                "product": {
                  "name": "Welcome IP-Gateway Firmware Version \u003e= 6.25",
                  "product_id": "FX1"
                }
              },
              {
                "category": "product_version",
                "name": "6.25",
                "product": {
                  "name": "Welcome IP-Gateway MDRC Firmware Version \u003e= 6.25",
                  "product_id": "FX2"
                }
              },
              {
                "category": "product_version",
                "name": "6.25",
                "product": {
                  "name": "Welcome IP-Gateway Welcome M  Firmware Version \u003e= 6.25",
                  "product_id": "FX3"
                }
              }
            ],
            "category": "product_family",
            "name": "Welcome IP-Gateway"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-56601",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "Missing deletion of a dangling pointer in Linux kernel may result in a use-after-free attack",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "FX1",
          "FX2",
          "FX3"
        ],
        "known_affected": [
          "AV1",
          "AV2",
          "AV3"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2024-56601",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56601"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The vulnerabilities have been resolved in the firmware versions:  6.23 and later.",
          "product_ids": [
            "AV1",
            "AV2",
            "AV3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.3,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 9.3,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "AV1",
            "AV2",
            "AV3"
          ]
        }
      ],
      "title": "CVE-2024-56601"
    },
    {
      "cve": "CVE-2023-6932",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4 stack",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "FX1",
          "FX2",
          "FX3"
        ],
        "known_affected": [
          "AV1",
          "AV2",
          "AV3"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-6932",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6932"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The vulnerabilities have been resolved in the firmware versions:  6.23 and later.\n",
          "product_ids": [
            "AV1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AV1",
            "AV2",
            "AV3"
          ]
        }
      ],
      "title": "CVE-2023-6932"
    }
  ]
}

