CVE-2024-8036

Summary

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.

Affected Software

VendorProductVersion RangeStatus
ABBRelion Protection Relays RE_611 IEC1.0.0 <= 1.0.4affected
ABBRelion Protection Relays RE_611 IEC2.0.0 <= 2.0.4affected
ABBRelion Protection Relays REF615 IEC1.0.0 <= 1.2.0affected
ABBRelion Protection Relays REF615 ANSI1.0.0 <= 1.1.0affected
ABBRelion Protection Relays REX615PCL1affected
ABBRelion Protection Relays REX6101.1.1affected
ABBRelion Protection Relays REX6101.2.0affected
ABBRelion Protection Relays REX6401.0.0 <= 1.0.8affected
ABBRelion Protection Relays REX6401.1.0 <= 1.1.6affected
ABBRelion Protection Relays REX6401.2.0 <= 1.2.3affected
ABBRelion Protection Relays REX6401.3.0 <= 1.3.4affected
ABBSubstation Merging Unit SMU6151.0.0 <= 1.0.3affected
ABBSmart Substation Control and Protection SSC6001.0affected
ABBSmart Substation Control and Protection SSC6001.0 FP1affected
ABBSmart Substation Control and Protection SSC6001.0 FP2affected
ABBSmart Substation Control and Protection SSC6001.0 FP3affected
ABBSmart Substation Control and Protection SSC6001.0 FP4affected
ABBRelion Protection Relays REF615R ANSI4.0.0 <= 4.1.2affected
ABBRelion Protection Relays RED615 IEC1.0.0 <= 1.1.5affected
ABBRelion Protection Relays 615 series IEC2.0.0 <= 2.0.9affected
ABBRelion Protection Relays 615 series IEC3.0.0 <= 3.0.10affected
ABBRelion Protection Relays 615 series IEC4.0.0 <= 4.0.8affected
ABBRelion Protection Relays 615 series IEC4.1.9 <= 4.1.10affected
ABBRelion Protection Relays 615 series IEC5.0.0 <= 5.0.17affected
ABBRelion Protection Relays 615 series IEC5.1.0 <= 5.1.24affected
ABBRelion Protection Relays 615 series CN2.0.0 <= 2.0.9affected
ABBRelion Protection Relays 615 series CN3.0.0 <= 3..0.7affected
ABBRelion Protection Relays 615 series CN3.1.0 <= 3.1.10affected
ABBRelion Protection Relays 615 series CN4.1.0 <= 4.1.9affected
ABBRelion Protection Relays 615 series CN5.1.0 <= 5.1.4affected
ABBRelion Protection Relays 615 series ANSI2.0.0 <= 2.0.9affected
ABBRelion Protection Relays 615 series ANSI4.0.0 <= 4.0.5affected
ABBRelion Protection Relays 615 series ANSI4.1.0 <= 4.1.1affected
ABBRelion Protection Relays 615 series ANSI4.2.0 <= 4.2.3affected
ABBRelion Protection Relays 615 series ANSI5.1.0 <= 5.1.3affected
ABBRelion Protection Relays RER6151.0.0 <= 1.1.4affected
ABBRelion Protection Relays RER6152.0.0 <= 2.0.9affected
ABBRelion Protection Relays REC6151.0.0 <= 1.1.4affected
ABBRelion Protection Relays REC6152.0.0 <= 2.0.9affected
ABBRBX6151.0.0 <= 2.0.0affected
ABBRER620 ANSI1.0.0 <= 1.3affected
ABB620 Series IEC/CN2.0.0 <= 2.0.13affected
ABB620 Series IEC/CN2.1.0 <= 2.1.16affected
ABBRE_6301.1.0 <= 1.1.0 C5affected
ABBRE_6301.2.0 <= 1.2.0 B8affected
ABBRE_6301.3.0 <= 1.3.0 B1affected
ABBRIO6001.0.0 <= 1.8.8affected
ABBCOM6003.3affected
ABBCOM6003.4affected
ABBCOM6003.5affected
ABBCOM6004.0affected
ABBCOM6004.1affected
ABBCOM6005.0affected
ABBCOM6005.1affected
ABBSPA ZC-400Exxaffected
ABBSPA ZC-400Mxxaffected
ABBSPA ZC-400Sxxaffected
ABBSPA ZC-400xMxaffected
ABBSPA ZC-400Exxxaffected
ABBSPA ZC-400Mxxxaffected
ABBSPA ZC-400Sxxxaffected
ABBSPA ZC-400xMxxaffected
ABBSPA ZC-400xxxCaffected
ABBCOM600F ANSI4.1affected
ABBCOM600F ANSI5.0affected
ABBSPA ZC-402Exxxaffected
ABBSPA ZC-402Mxxxaffected
ABBSPA ZC-402Sxxxaffected
ABBSPA ZC-402xMxxaffected
ABBSPA ZC-402xxxCaffected
ABBREF542plusR1.0affected
ABBREF542plusR1.1affected
ABBREF542plusR2.0affected
ABBREF542plusR2.5affected
ABBREF542plusR2.5 ATEXaffected
ABBREF542plusR2.5 SP3affected
ABBREF542plusR2.6affected
ABBREF542plusR3.0affected
ABBREF542plusR3.0 SP1affected
ABBREF542plusR3.0 SP3affected
ABBSUE 30002.6 V4F07xaffected
ABBSUE 30003.0FP1 V4F11xaffected
ABBSUE 3000V4D02xaffected
ABBSUE 3000V4E0xxaffected
ABBARG600/ARP600/ARR600/ARC600 single SIM3.x.x <= 3.4.13affected
ABBARG600/ARP600 dual SIM2.x.x <= 3.4.13affected
ABBARM6004.x.x <= 5.0.3affected
ABBREC601/RER6011.1 <= 1.2affected
ABBREC603/RER6031.1 <= 1.2affected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

Workarounds

Please follow the guidelines in the following Product Advisory Note to improve the system security:

Guidelines to Prevent Unauthorized Modifications of Firmware and Configuration, ABB Digital Substation Products ( https://search.abb.com/library/Download.aspx?DocumentID=2NGA002288&amp;LanguageCode=en&amp;DocumentPhttps://search.abb.com/library/Download.aspx )

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References