ABB System 800xA permission flaws demand workstation hygiene
CISA’s ICSA-20-154-01 advisory shows weak default permissions in ABB System 800xA tooling let authenticated engineers corrupt applications or escalate privileges, so OT teams must accelerate upgrades, lock down service accounts, and isolate engineering stations.
Verified for technical accuracy — Kodi C.
At a glance
CISA advisory ICSA-20-154-01 published on disclosed multiple vulnerabilities in ABB System 800xA, a widely deployed distributed control system used in process industries including oil and gas, chemicals, and utilities. The vulnerabilities stem from weak default permissions that could enable authenticated users to escalate privileges, corrupt applications, or cause denial of service conditions.
System 800xA Context
ABB System 800xA is a full industrial automation platform:
- Market position: One of the leading DCS platforms globally, installed in thousands of process industry facilities.
- Component breadth: Includes OPC Server for AC 800M, Control Builder M, MMS Server, SoftControl, and base system components.
- Integration depth: Deeply integrated into process control, with connections to field devices, safety systems, and business networks.
- Lifecycle considerations: Long deployment lifecycles mean many systems run older versions requiring careful upgrade planning.
Vulnerability breakdown
The advisory documents two primary vulnerability classes:
- CVE-2020-8472 (Weak Permissions): Multiple System 800xA components ship with default file permissions allowing authenticated users to modify application files, potentially leading to code execution or denial of service.
- CVE-2020-8473 (Permission Bypass): Weak folder permissions enable authenticated users to overwrite system files or escalate privileges beyond their intended access level.
While exploitation requires local or authenticated access, the industrial control environment context makes these vulnerabilities significant—engineering workstations and operator stations may have multiple users with varying trust levels.
Attack Scenarios
Exploitation could occur through several vectors:
- Compromised contractor: System integrators or contractors with legitimate access could exploit weak permissions for unauthorized modifications.
- Lateral movement: Attackers who gain initial access to engineering networks could escalate privileges on 800xA systems.
- Insider threat: Authorized users could abuse permissions to sabotage systems or cover tracks.
- Malware propagation: Malware on engineering workstations could use weak permissions to persist or spread.
Affected Components
Multiple System 800xA components require remediation:
- OPC Server for AC 800M: All versions before 6.1
- Control Builder M: All versions before 6.0.3 LTS
- MMS Server: All versions before 6.0.3 LTS
- SoftControl: All versions before 6.0.3 LTS
- System 800xA Base: All versions before 6.0.3 LTS
If you run System 800xA, inventory every installation (including integrator laptops and spare engineering stations) and record the version of each component listed above, since the fixed release differs between the OPC Server (6.1) and the other components (6.0.3 LTS).
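As an added example (not part of the advisory or of ABB's own tooling), the PowerShell below turns the affected-version list above into a check that can be run over an inventory export. The fixed versions are the ones the advisory names; the inventory records, hostnames and version strings are constructed placeholders, and the "LTS" suffix handling assumes version strings of the form "6.0.3 LTS".

```powershell
# Added example, not ABB code: flag System 800xA components whose installed version
# is below the release that ICSA-20-154-01 names as fixed.

# Minimum fixed version per component, as stated in the advisory.
$FixedVersions = @{
    'OPC Server for AC 800M' = [version]'6.1'
    'Control Builder M'      = [version]'6.0.3'
    'MMS Server'             = [version]'6.0.3'
    'SoftControl'            = [version]'6.0.3'
    'System 800xA Base'      = [version]'6.0.3'
}

function ConvertTo-ComponentVersion {
    param([Parameter(Mandatory)][string]$VersionText)
    # Keep the leading dotted numeric part; drop suffixes such as "LTS" (assumed format).
    if ($VersionText -match '^\s*(\d+(?:\.\d+)+)') {
        return [version]$Matches[1]
    }
    # A bare major version like "6" is treated as 6.0.
    if ($VersionText -match '^\s*(\d+)\s*$') {
        return [version]"$($Matches[1]).0"
    }
    throw "Unparseable version string: '$VersionText'"
}

function Get-AffectedInstallations {
    param([Parameter(Mandatory)][object[]]$Inventory)
    foreach ($item in $Inventory) {
        if (-not $FixedVersions.ContainsKey($item.Component)) {
            Write-Warning "$($item.Host): '$($item.Component)' is not listed in the advisory; review manually."
            continue
        }
        $installed = ConvertTo-ComponentVersion $item.Version
        $fixed     = $FixedVersions[$item.Component]
        if ($installed -lt $fixed) {
            [pscustomobject]@{
                Host      = $item.Host
                Component = $item.Component
                Installed = $item.Version
                Required  = $fixed.ToString()
                Status    = 'AFFECTED'
            }
        }
    }
}

# Constructed sample inventory; hostnames and versions are placeholders, not a real site.
$Inventory = @(
    [pscustomobject]@{ Host = 'ENG-WS-01';  Component = 'Control Builder M';      Version = '6.0.2' }
    [pscustomobject]@{ Host = 'ENG-WS-01';  Component = 'OPC Server for AC 800M'; Version = '6.0.3 LTS' }
    [pscustomobject]@{ Host = 'ENG-WS-02';  Component = 'System 800xA Base';      Version = '6.0.3 LTS' }
    [pscustomobject]@{ Host = 'OPC-SRV-01'; Component = 'OPC Server for AC 800M'; Version = '6.1' }
)

# Two rows are reported: Control Builder M 6.0.2 (below 6.0.3) and the OPC Server at
# 6.0.3 LTS, which is fixed for the other components but still below 6.1 for OPC Server.
Get-AffectedInstallations -Inventory $Inventory | Format-Table -AutoSize
```

The second sample row is the case worth checking for in real inventories: a station that has been brought to 6.0.3 LTS across the board still has an affected OPC Server, because that component's fix is 6.1.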
Remediation Steps
ABB recommends full remediation:
- Apply patches: Upgrade to System 800xA 6.1 for OPC Server and 6.0.3 LTS for other components.
- Credential rotation: Change passwords for any accounts that may have been exposed, particularly service accounts.
- Service account hardening: Disable interactive logon for service accounts to prevent credential abuse.
- Permission validation: Verify file and folder permissions match ABB's hardened baselines after patching.
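The permission-validation step above is the one most often skipped after an upgrade. The script below is an added example, not ABB's baseline or tooling: it walks assumed installation directories and reports every Allow entry that grants a write-class right (write, append, delete, change permissions, take ownership, or the generic write/all bits) to a broad principal such as Users, Authenticated Users or Everyone. Those entries are exactly the kind of default the advisory describes, so each hit should be compared against ABB's hardened baseline before anything is changed. The root paths are placeholders; substitute the directories from your own installation and run it from an elevated prompt.

```powershell
# Added example, not ABB code: find NTFS ACL entries under 800xA directories that give
# broad principals write-level access. Output is a review list, not an automatic fix.

# Principals that should not normally hold write-class rights on program directories.
$BroadPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Bit mask of rights that let a principal alter or replace files. Built from raw bits
# rather than Modify/FullControl so that read-only entries do not match.
#   WriteData 0x2, AppendData 0x4, WriteExtendedAttributes 0x10,
#   DeleteSubdirectoriesAndFiles 0x40, WriteAttributes 0x100, Delete 0x10000,
#   ChangePermissions 0x40000, TakeOwnership 0x80000,
#   GENERIC_ALL 0x10000000, GENERIC_WRITE 0x40000000 (seen in some inherited ACEs)
$WriteMask = 0x2 -bor 0x4 -bor 0x10 -bor 0x40 -bor 0x100 -bor 0x10000 -bor
             0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

function Find-WeakAce {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [int]$Depth = 3
    )
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Warning "Skipping missing path: $root"
            continue
        }
        $targets = @(Get-Item -LiteralPath $root) +
                   @(Get-ChildItem -LiteralPath $root -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue)
        foreach ($item in $targets) {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { continue }
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                # value__ is the raw integer, so undefined generic-right combinations still compare.
                if (($ace.FileSystemRights.value__ -band $WriteMask) -eq 0) { continue }
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights.ToString()
                    Inherited = $ace.IsInherited
                    Owner     = $acl.Owner
                }
            }
        }
    }
}

# Placeholder roots; replace with the actual 800xA installation and data directories.
$Roots = @(
    "$env:ProgramFiles\ABB",
    "${env:ProgramFiles(x86)}\ABB",
    "$env:ProgramData\ABB"
)

$Findings = Find-WeakAce -Path $Roots -Depth 4
$Findings | Sort-Object Path, Principal | Format-Table -AutoSize
# Keep the list as evidence of the post-patch state and for the next access review.
$Findings | Export-Csv -NoTypeInformation -Path "$env:TEMP\800xA-acl-findings.csv"
```

Inherited entries usually point at a parent directory whose ACL needs fixing once, rather than at the file that surfaced in the report; the Inherited column is there so the two cases can be separated before raising a change request.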
Engineering Workstation Hardening
Beyond specific 800xA remediation, harden engineering environments:
- Network segmentation isolating engineering workstations from operator networks and business IT.
- Application allowlisting preventing unauthorized software execution.
- Endpoint detection and response for visibility into workstation activity.
- Regular access reviews ensuring appropriate privilege levels.
- Change management controls for 800xA project modifications.
Vendor Coordination
Organizations using system integrators should require patch status attestation before allowing network access, include vulnerability remediation in maintenance contracts, and verify integrators follow ABB security guidance.
Wrapping up
ICSA-20-154-01 highlights the importance of default configuration security in industrial control systems. If you are affected, focus on patching while implementing engineering workstation hardening and access control improvements to reduce risk from permission-based vulnerabilities.