Intrusion Prevention

ABB.PGIM.and.Plant.Connect.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in ABB PGIM and Plant Connect.
A remote attack could exploit this vulnerability by sending a crafted command the vulnerable server. Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device.

Affected Products

Power Generation Information Manager (PGIM) - all versions
Plant Connect - all versions

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

ABB advises users upgrade to Symphony Plus Historian. Symphony Plus Historian is the successor to the PGIM and Plant Connect products and features improved cybersecurity.
https://search.abb.com/library/Download.aspx?DocumentID=8VZZ002158T0001&LanguageCode=en&DocumentPartId=&Action=Launch

CVE References

CVE-2019-18250

Other References

ICSA-19-318-05