Infrastructure Briefing — ABB System 800xA permission flaws demand workstation hygiene
CISA’s ICSA-20-154-01 advisory describes weak default permissions in ABB System 800xA components that let any authenticated user corrupt applications, stop system functions or escalate privileges, so OT teams should accelerate upgrades, lock down service accounts and isolate engineering stations.
Executive briefing: ABB confirmed that multiple System 800xA components (OPC Server for AC 800M, Control Builder M, MMS Server, SoftControl, and the 800xA base install) ship with weak default access controls. CISA reports that an authenticated user on an affected node can modify application files, stop engineering functions, or escalate privileges by abusing the default ACLs, so one compromised engineering account becomes a direct threat to the integrity of the control application itself.
Hardening actions for June 2020
- Stage patch windows for every package. Deploy System 800xA 6.1 for OPC Server for AC 800M immediately and schedule the forthcoming 6.0.3 LTS releases for Control Builder, MMS Server, SoftControl, and the base stack so every node picks up the corrected default ACLs; until a node is patched, treat its 800xA directories as writable by any authenticated user.
- Rotate and restrict service accounts. ABB recommends changing any user account password suspected to be known by an unauthorized person and disabling interactive logon, both local and remote, for the service account, so a leaked service password cannot be used from an operator console.
- Segment engineering workstations. Keep 800xA engineering tooling on a dedicated management VLAN and run application whitelisting on those stations, so code introduced through the workstation cannot use the weak ACLs to overwrite configuration files or drop payloads into system directories.
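The service-account step above, removing interactive logon at the console and over Remote Desktop while leaving "Log on as a service" untouched, can be applied to the local security policy with secedit. The script below is an added example, not ABB's or CISA's procedure; the account name PLANT\svc-800xa is a hypothetical placeholder and the working directory under %TEMP% is an arbitrary choice. Run it elevated on each 800xA node, or set the same two user rights (Deny log on locally, Deny log on through Remote Desktop Services) in a GPO scoped to the 800xA servers.

```powershell
# Added example, not ABB's or CISA's procedure. Denies interactive logon
# (console and Remote Desktop) to an 800xA service account via the local
# security policy. SeServiceLogonRight is not touched, so services still start.
$Account = 'PLANT\svc-800xa'        # hypothetical; use the real service account

$Work = Join-Path $env:TEMP '800xa-secpol'
New-Item -ItemType Directory -Path $Work -Force | Out-Null
$Cfg = Join-Path $Work 'rights.inf'
$Db  = Join-Path $Work 'rights.sdb'

# secedit stores principals as *SID under [Privilege Rights]; resolve the name once.
$Sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# 1. Export only the user-rights area of the current local policy (UTF-16 .inf).
secedit /export /cfg $Cfg /areas USER_RIGHTS /quiet | Out-Null
$Lines = @(Get-Content -LiteralPath $Cfg)

# 2. Add the SID to both deny rights, keeping whatever is already assigned.
foreach ($Right in 'SeDenyInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
    $Idx = -1
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match "^$Right\s*=") { $Idx = $i; break }
    }
    if ($Idx -ge 0) {
        if ($Lines[$Idx] -notmatch [regex]::Escape($Sid)) {
            # Existing entries are comma separated; an empty assignment ends in "=".
            $Sep = if ($Lines[$Idx] -match '=\s*$') { ' ' } else { ',' }
            $Lines[$Idx] += "$Sep*$Sid"
        }
    } else {
        # Right not assigned to anyone yet: insert it just under the section header.
        $Hdr = -1
        for ($i = 0; $i -lt $Lines.Count; $i++) {
            if ($Lines[$i] -match '^\[Privilege Rights\]') { $Hdr = $i; break }
        }
        if ($Hdr -lt 0) { throw "no [Privilege Rights] section in $Cfg" }
        $Lines = @($Lines[0..$Hdr]) + "$Right = *$Sid" + @($Lines | Select-Object -Skip ($Hdr + 1))
    }
}
Set-Content -LiteralPath $Cfg -Value $Lines -Encoding Unicode

# 3. Apply the edited user-rights area back to the local policy.
secedit /configure /db $Db /cfg $Cfg /areas USER_RIGHTS /quiet | Out-Null

# 4. Verify from a fresh export that both deny rights now carry the SID.
$Check = Join-Path $Work 'verify.inf'
secedit /export /cfg $Check /areas USER_RIGHTS /quiet | Out-Null
$Applied = @(Get-Content -LiteralPath $Check |
    Where-Object { $_ -match '^SeDeny(Remote)?InteractiveLogonRight' -and $_ -match [regex]::Escape($Sid) })
if ($Applied.Count -ne 2) { throw "deny rights not applied for $Account" }
$Applied
```

The verification step matters: a domain GPO that also sets these rights will overwrite the local policy on the next refresh, so if the check fails after a refresh the change belongs in the GPO rather than on the node. Rotating the password is a separate step and is done on the account object, not through secedit.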
Monitoring and governance priorities
- Validate ACL baselines. Scan the System 800xA install and data folders for write, modify or full-control grants to low-privilege principals (Everyone, Users, Authenticated Users) and compare the result against the corrected ACLs that the patched versions set, so SOC teams can catch privilege creep or a reverted permission.
- Instrument change control. Require dual authorization for 800xA project imports and keep gold images for every engineering workstation so you can reimage quickly if tampering is detected.
- Document vendor dependencies. Record which integrators rely on vulnerable 800xA components and require them to attest to upgrade timelines before they reconnect to production networks.
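The ACL-baseline check above, as an added example rather than ABB's or CISA's tooling: the script walks the 800xA trees, reports every Allow ACE that gives a low-privilege principal write-class rights, and diffs the result against a CSV recorded on a freshly patched node. The default values of $Roots are assumptions about where 800xA installs its program and data directories, and the $Baseline path is hypothetical; both should be set to the real locations before use.

```powershell
# Added example, not ABB's or CISA's code. Finds ACEs on 800xA directories and
# files that let low-privilege principals write, and diffs them against a
# baseline captured from a patched node. $Roots defaults are assumptions about
# ABB's install locations; $Baseline is a hypothetical path. Requires PS 5+.
param(
    [string[]] $Roots    = @('C:\Program Files (x86)\ABB Industrial IT', 'C:\ProgramData\ABB'),
    [string]   $Baseline = 'C:\Hardening\800xA-acl-baseline.csv',
    [int]      $Depth    = 4
)

# Principals that any authenticated user, or any local logon, can act as.
$WeakPrincipals = @(
    'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users',
    'NT AUTHORITY\INTERACTIVE', 'NT AUTHORITY\ANONYMOUS LOGON'
)

# Specific rights that change content, replace binaries or rewrite the ACL.
# Modify and FullControl contain these bits, so they are caught too.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights](
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# Inherited ACEs may carry generic rights instead of specific ones:
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) both grant write.
$GenericWriteMask = 0x10000000 -bor 0x40000000

function Find-WeakAce {
    param([string[]] $Paths, [int] $Depth)
    foreach ($Root in $Paths) {
        if (-not (Test-Path -LiteralPath $Root)) { Write-Warning "missing: $Root"; continue }
        $Items = @(Get-Item -LiteralPath $Root) +
                 @(Get-ChildItem -LiteralPath $Root -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue)
        foreach ($Item in $Items) {
            $Acl = Get-Acl -LiteralPath $Item.FullName -ErrorAction SilentlyContinue
            if (-not $Acl) { continue }
            foreach ($Ace in $Acl.Access) {
                if ($Ace.AccessControlType -ne 'Allow') { continue }          # Deny ACEs grant nothing
                if ($WeakPrincipals -notcontains $Ace.IdentityReference.Value) { continue }
                $Rights = [int]$Ace.FileSystemRights                         # negative for generic bits
                if ((($Rights -band $WriteMask) -eq 0) -and (($Rights -band $GenericWriteMask) -eq 0)) { continue }
                [pscustomobject]@{
                    Path      = $Item.FullName
                    Identity  = $Ace.IdentityReference.Value
                    Rights    = $Ace.FileSystemRights.ToString()
                    Inherited = $Ace.IsInherited
                }
            }
        }
    }
}

$Findings = @(Find-WeakAce -Paths $Roots -Depth $Depth)

if (Test-Path -LiteralPath $Baseline) {
    # Rows marked "=>" are grants present now that were not in the baseline.
    $Known = @(Import-Csv -LiteralPath $Baseline)
    Compare-Object -ReferenceObject $Known -DifferenceObject $Findings -Property Path, Identity, Rights |
        Where-Object SideIndicator -eq '=>' |
        Format-Table Path, Identity, Rights -AutoSize
} else {
    # First run on a freshly patched node: record the accepted state as the baseline.
    New-Item -ItemType Directory -Path (Split-Path $Baseline) -Force | Out-Null
    $Findings | Export-Csv -LiteralPath $Baseline -NoTypeInformation
    $Findings | Format-Table Path, Identity, Rights, Inherited -AutoSize
}
```

Run it first on a node that already carries the fixed release so the baseline reflects the corrected ACLs, then schedule it on every 800xA server and engineering station; any "=>" row is a grant to an unprivileged principal that was not there after patching and is the privilege creep the advisory warns about. The Inherited column tells you whether to fix the object itself or the parent the grant came from.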
Source excerpts
Primary — impact summary: “Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, cause system functions to stop, and corrupt user applications.”
CISA — ICSA-20-154-01
Primary — mitigation guidance: “ABB recommends changing any user account passwords suspected to be known by an unauthorized person… Interactive logon (both local and remote) is recommended to be disabled for the service account.”
CISA — ICSA-20-154-01