CVE-2024-8036
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Summary
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | Relion Protection Relays RE_611 IEC | 1.0.0 <= 1.0.4 | affected |
| ABB | Relion Protection Relays RE_611 IEC | 2.0.0 <= 2.0.4 | affected |
| ABB | Relion Protection Relays REF615 IEC | 1.0.0 <= 1.2.0 | affected |
| ABB | Relion Protection Relays REF615 ANSI | 1.0.0 <= 1.1.0 | affected |
| ABB | Relion Protection Relays REX615 | PCL1 | affected |
| ABB | Relion Protection Relays REX610 | 1.1.1 | affected |
| ABB | Relion Protection Relays REX610 | 1.2.0 | affected |
| ABB | Relion Protection Relays REX640 | 1.0.0 <= 1.0.8 | affected |
| ABB | Relion Protection Relays REX640 | 1.1.0 <= 1.1.6 | affected |
| ABB | Relion Protection Relays REX640 | 1.2.0 <= 1.2.3 | affected |
| ABB | Relion Protection Relays REX640 | 1.3.0 <= 1.3.4 | affected |
| ABB | Substation Merging Unit SMU615 | 1.0.0 <= 1.0.3 | affected |
| ABB | Smart Substation Control and Protection SSC600 | 1.0 | affected |
| ABB | Smart Substation Control and Protection SSC600 | 1.0 FP1 | affected |
| ABB | Smart Substation Control and Protection SSC600 | 1.0 FP2 | affected |
| ABB | Smart Substation Control and Protection SSC600 | 1.0 FP3 | affected |
| ABB | Smart Substation Control and Protection SSC600 | 1.0 FP4 | affected |
| ABB | Relion Protection Relays REF615R ANSI | 4.0.0 <= 4.1.2 | affected |
| ABB | Relion Protection Relays RED615 IEC | 1.0.0 <= 1.1.5 | affected |
| ABB | Relion Protection Relays 615 series IEC | 2.0.0 <= 2.0.9 | affected |
| ABB | Relion Protection Relays 615 series IEC | 3.0.0 <= 3.0.10 | affected |
| ABB | Relion Protection Relays 615 series IEC | 4.0.0 <= 4.0.8 | affected |
| ABB | Relion Protection Relays 615 series IEC | 4.1.9 <= 4.1.10 | affected |
| ABB | Relion Protection Relays 615 series IEC | 5.0.0 <= 5.0.17 | affected |
| ABB | Relion Protection Relays 615 series IEC | 5.1.0 <= 5.1.24 | affected |
| ABB | Relion Protection Relays 615 series CN | 2.0.0 <= 2.0.9 | affected |
| ABB | Relion Protection Relays 615 series CN | 3.0.0 <= 3..0.7 | affected |
| ABB | Relion Protection Relays 615 series CN | 3.1.0 <= 3.1.10 | affected |
| ABB | Relion Protection Relays 615 series CN | 4.1.0 <= 4.1.9 | affected |
| ABB | Relion Protection Relays 615 series CN | 5.1.0 <= 5.1.4 | affected |
| ABB | Relion Protection Relays 615 series ANSI | 2.0.0 <= 2.0.9 | affected |
| ABB | Relion Protection Relays 615 series ANSI | 4.0.0 <= 4.0.5 | affected |
| ABB | Relion Protection Relays 615 series ANSI | 4.1.0 <= 4.1.1 | affected |
| ABB | Relion Protection Relays 615 series ANSI | 4.2.0 <= 4.2.3 | affected |
| ABB | Relion Protection Relays 615 series ANSI | 5.1.0 <= 5.1.3 | affected |
| ABB | Relion Protection Relays RER615 | 1.0.0 <= 1.1.4 | affected |
| ABB | Relion Protection Relays RER615 | 2.0.0 <= 2.0.9 | affected |
| ABB | Relion Protection Relays REC615 | 1.0.0 <= 1.1.4 | affected |
| ABB | Relion Protection Relays REC615 | 2.0.0 <= 2.0.9 | affected |
| ABB | RBX615 | 1.0.0 <= 2.0.0 | affected |
| ABB | RER620 ANSI | 1.0.0 <= 1.3 | affected |
| ABB | 620 Series IEC/CN | 2.0.0 <= 2.0.13 | affected |
| ABB | 620 Series IEC/CN | 2.1.0 <= 2.1.16 | affected |
| ABB | RE_630 | 1.1.0 <= 1.1.0 C5 | affected |
| ABB | RE_630 | 1.2.0 <= 1.2.0 B8 | affected |
| ABB | RE_630 | 1.3.0 <= 1.3.0 B1 | affected |
| ABB | RIO600 | 1.0.0 <= 1.8.8 | affected |
| ABB | COM600 | 3.3 | affected |
| ABB | COM600 | 3.4 | affected |
| ABB | COM600 | 3.5 | affected |
| ABB | COM600 | 4.0 | affected |
| ABB | COM600 | 4.1 | affected |
| ABB | COM600 | 5.0 | affected |
| ABB | COM600 | 5.1 | affected |
| ABB | SPA ZC-400 | Exx | affected |
| ABB | SPA ZC-400 | Mxx | affected |
| ABB | SPA ZC-400 | Sxx | affected |
| ABB | SPA ZC-400 | xMx | affected |
| ABB | SPA ZC-400 | Exxx | affected |
| ABB | SPA ZC-400 | Mxxx | affected |
| ABB | SPA ZC-400 | Sxxx | affected |
| ABB | SPA ZC-400 | xMxx | affected |
| ABB | SPA ZC-400 | xxxC | affected |
| ABB | COM600F ANSI | 4.1 | affected |
| ABB | COM600F ANSI | 5.0 | affected |
| ABB | SPA ZC-402 | Exxx | affected |
| ABB | SPA ZC-402 | Mxxx | affected |
| ABB | SPA ZC-402 | Sxxx | affected |
| ABB | SPA ZC-402 | xMxx | affected |
| ABB | SPA ZC-402 | xxxC | affected |
| ABB | REF542plus | R1.0 | affected |
| ABB | REF542plus | R1.1 | affected |
| ABB | REF542plus | R2.0 | affected |
| ABB | REF542plus | R2.5 | affected |
| ABB | REF542plus | R2.5 ATEX | affected |
| ABB | REF542plus | R2.5 SP3 | affected |
| ABB | REF542plus | R2.6 | affected |
| ABB | REF542plus | R3.0 | affected |
| ABB | REF542plus | R3.0 SP1 | affected |
| ABB | REF542plus | R3.0 SP3 | affected |
| ABB | SUE 3000 | 2.6 V4F07x | affected |
| ABB | SUE 3000 | 3.0FP1 V4F11x | affected |
| ABB | SUE 3000 | V4D02x | affected |
| ABB | SUE 3000 | V4E0xx | affected |
| ABB | ARG600/ARP600/ARR600/ARC600 single SIM | 3.x.x <= 3.4.13 | affected |
| ABB | ARG600/ARP600 dual SIM | 2.x.x <= 3.4.13 | affected |
| ABB | ARM600 | 4.x.x <= 5.0.3 | affected |
| ABB | REC601/RER601 | 1.1 <= 1.2 | affected |
| ABB | REC603/RER603 | 1.1 <= 1.2 | affected |
Weaknesses
- CWE-347: CWE-347 Improper Verification of Cryptographic Signature
Workarounds
Please follow the guidelines in the following Product Advisory Note to improve the system security:
Guidelines to Prevent Unauthorized Modifications of Firmware and Configuration, ABB Digital Substation Products ( https://search.abb.com/library/Download.aspx?DocumentID=2NGA002288&LanguageCode=en&DocumentP… https://search.abb.com/library/Download.aspx )
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.