csaf_abb - 9akk108471a1621

9AKK108471A1621

Vulnerability from csaf_abb - Published: 2025-06-02 00:30 - Updated: 2025-06-04 00:30

Summary

EIBPORT Session Management Fail

Notes

Summary

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these vulnerabilities could access sensitive information stored inside the device and can change the configuration of the device .

Mitigating factors

Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. More information on recommended practices can be found in the documents listed in the Reference section.

General security recommendations

For any installation of software-related ABB products and especially for products in scope of the EIBPORT product line, we strongly recommend the following (non-exhaustive) list of cyber security practices: • Ensure that all EIBPORT products are upgraded to the latest firmware version. Please find the latest version of EIBPORT firmware on the respective product homepage. • Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks). • Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks. • Never connect programming software or computers containing programming software to any network other than the network for the devices that it is intended for. • Scan all data imported into your environment before use to detect potential malware infections. • Minimize network exposure for all EIBPORT ports and endpoints to ensure that they are not accessible directly from the Internet. • Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall. • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. • Authorized users shall change all default credentials during commissioning of an EIBPORT system. If credentials have not been changed during commission state, ABB advises to change each changeable credential at the earliest. More information on recommended practices can be found in the documents listed in the Reference section.

Notice

The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software de-scribed in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.

Support

For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters. Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Frank van den Hurk"
        ],
        "summary": "working with us to help protect customers"
      },
      {
        "names": [
          "Psytester"
        ],
        "summary": "describing the findings and helping to verify the resolving implementation"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "En",
    "notes": [
      {
        "category": "summary",
        "text": "ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory.\nAn attacker who successfully exploited these vulnerabilities could access sensitive information stored inside the device and can change the configuration of the device . \n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. \nMore information on recommended practices can be found in the documents listed in the Reference section.\n",
        "title": "Mitigating factors"
      },
      {
        "category": "other",
        "text": "For any installation of software-related ABB products and especially for products in scope of the EIBPORT product line, we strongly recommend the following (non-exhaustive) list of cyber security practices:\n\n\u2022\tEnsure that all EIBPORT products are upgraded to the latest firmware version. Please find the latest version of EIBPORT firmware on the respective product homepage.\n\n\u2022\tIsolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general-purpose network (e.g. office or home networks).\n\n\u2022\tInstall physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n\n\u2022\tNever connect programming software or computers containing programming software to any network other than the network for the devices that it is intended for.\n\n\u2022\tScan all data imported into your environment before use to detect potential malware infections.\n\n\u2022\tMinimize network exposure for all EIBPORT ports and endpoints to ensure that they are not accessible directly from the Internet.\n \n\u2022\tEnsure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall.\n\n\u2022\tWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available.\n\n\u2022\tAuthorized users shall change all default credentials during commissioning of an EIBPORT system. If credentials have not been changed during commission state, ABB advises to change each changeable credential at the earliest.\n\nMore information on recommended practices can be found in the documents listed in the Reference section.\n",
        "title": "General security recommendations"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.\nABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software de-scribed in this document, even if ABB or its suppliers have been advised of the possibility of such damages.\nThis document and parts hereof must not be reproduced or copied without written permission from ABB, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\nAll rights to registrations and trademarks reside with their respective owners.",
        "title": "Notice"
      },
      {
        "category": "other",
        "text": "For additional instructions and support please contact your local ABB service organization. For contact information, see www.abb.com/contactcenters.\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.",
        "title": "Support"
      }
    ],
    "publisher": {
      "category": "vendor",
      "name": "ABB PSIRT",
      "namespace": "https://global.abb/group/en/technology/cyber-security/alerts-and-notifications"
    },
    "references": [
      {
        "summary": "Supplier of Firmware",
        "url": "https://bab-technologie.com/"
      },
      {
        "summary": "Hardening guide for EIBPORT",
        "url": "https://bab-tec.de/itsecurity"
      },
      {
        "summary": "System Manual 1",
        "url": "https://library.e.abb.com/public/5e1a1868450b44b7c1256f160031da4e/0909_eibPort_12_03_GB.pdf"
      },
      {
        "summary": "System Manual 2",
        "url": "https://library.e.abb.com/public/5899790b64c28d08c1257ae8003a262b/9637_1_eibPort_ABB_versi%C3%B3n3_Documentaci%C3%B3n_EN.pdf"
      },
      {
        "summary": "ABB Hardening guide for general EIB and other products",
        "url": "https://www.busch-jaeger.de/media/download/Broschueren/en/ABB_Smart_Home_Security_2017.pdf"
      },
      {
        "category": "self",
        "summary": "ABB CYBERSECURITY ADVISORY - PDF version",
        "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A1621\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
      },
      {
        "category": "self",
        "summary": "ABB CYBERSECURITY ADVISORY - CSAF version",
        "url": "https://psirt.abb.com/csaf/2025/9akk108471a1621.json"
      }
    ],
    "title": "EIBPORT Session Management Fail",
    "tracking": {
      "current_release_date": "2025-06-04T00:30:00.000Z",
      "generator": {
        "date": "2025-09-23T14:01:17.918Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.35"
        }
      },
      "id": "9AKK108471A1621",
      "initial_release_date": "2025-06-02T00:30:00.000Z",
      "revision_history": [
        {
          "date": "2025-06-02T00:30:00.000Z",
          "legacy_version": "A",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-06-04T00:30:00.000Z",
          "legacy_version": "B",
          "number": "2",
          "summary": "CVE ID Corrected"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.9.8",
                "product": {
                  "name": "EIBPORT V3 KNX version \u003c= 3.9.8",
                  "product_id": "AV1"
                }
              },
              {
                "category": "product_version",
                "name": "3.9.9",
                "product": {
                  "name": "EIBPORT V3 KNX version 3.9.9",
                  "product_id": "FX1"
                }
              }
            ],
            "category": "product_name",
            "name": "EIBPORT V3 KNX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.9.8",
                "product": {
                  "name": "EIBPORT V3 KNX GSM version \u003c= 3.9.8",
                  "product_id": "AV2"
                }
              },
              {
                "category": "product_version",
                "name": "3.9.9",
                "product": {
                  "name": "EIBPORT V3 KNX GSM version 3.9.9",
                  "product_id": "FX2"
                }
              }
            ],
            "category": "product_name",
            "name": "EIBPORT V3 KNX GSM"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-13967",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "notes": [
        {
          "category": "description",
          "text": "This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "FX1",
          "FX2"
        ],
        "known_affected": [
          "AV1",
          "AV2"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD-CVE-2024-13967",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13967"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "ABB recommends that customers apply the update at the earliest convenience.  The vulnerabilities have been resolved in the product version: 3.9.9 ",
          "product_ids": [
            "AV1",
            "AV2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.4,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "AV1",
            "AV2"
          ]
        }
      ],
      "title": "CVE-2024-13967"
    }
  ]
}

CVE-2024-13967 (GCVE-0-2024-13967)

Vulnerability from cvelistv5 – Published: 2025-06-04 08:01 – Updated: 2025-06-17 11:46

Summary

This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-384 - Session Fixation

Assigner

ABB

References

URL

Tags

https://search.abb.com/library/Download.aspx?Docu…

Impacted products

Vendor

Product

Version

ABB

EIBPORT V3 KNX

Affected: 0 , ≤ 3.9.8 (custom)

ABB

EIBPORT V3 KNX GSM

Affected: 0 , ≤ 3.9.8 (custom)

Credits

Psytester for describing the findings and helping to verify the resolving implementation Frank van den Hurk for working with us to help protect customers

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13967",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T13:28:21.636579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T13:28:36.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EIBPORT V3 KNX",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EIBPORT V3  KNX GSM",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.9.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Psytester for describing the findings and helping to verify the resolving implementation"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Frank van den Hurk for working with us to help protect customers"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This vulnerability allows the successful attacker to gain unauthorized access to a \nconfiguration web page delivered by the integrated web Server of EIBPORT.\n\n\u003cp\u003eThis issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.\u003c/p\u003e"
            }
          ],
          "value": "This vulnerability allows the successful attacker to gain unauthorized access to a \nconfiguration web page delivered by the integrated web Server of EIBPORT.\n\nThis issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384 Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T11:46:53.508Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A1621\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ession-Management Failure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-13967",
    "datePublished": "2025-06-04T08:01:43.117Z",
    "dateReserved": "2025-06-04T07:03:43.612Z",
    "dateUpdated": "2025-06-17T11:46:53.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

9AKK108471A1621

CVE-2024-13967 (GCVE-0-2024-13967)

Tags

Sightings

Nomenclature