ABB PB610 Panel Builder 600 (ICSA-19-178-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on use of hard-coded credentials, improper authentication, relative path traversal, improper input validation, and stack-based buffer overflow vulnerabilities in ABB PB610 Panel Builder 600. PB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 to 2.8.0.367 and prior are affected. An attacker who successfully exploits these vulnerabilities could prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node. ABB recommends users apply an update at the earliest convenience. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.