# ICS Advisory (ICSA-20-175-03)
## ABB Device Library Wizard
Original release date: June 23, 2020
[Print Document](javascript:window.print\(\);)
[Tweet](https://twitter.com/share?url=https%3A%2F%2Fus-
cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-20-175-03)
[Like Me](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-
cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-20-175-03)
[Share](http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-
cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-20-175-03)
### Legal Notice
All information products included in [https://us-cert.gov/ics](/ics) are
provided "as is" for informational purposes only. The Department of Homeland
Security (DHS) does not provide any warranties of any kind regarding any
information contained within. DHS does not endorse any commercial product or
service, referenced in this product or otherwise. Further dissemination of
this product is governed by the Traffic Light Protocol (TLP) marking in the
header. For more information about TLP, see [https://www.us-
cert.gov/tlp/](/tlp/).
* * *
## 1\. EXECUTIVE SUMMARY
* **CVSS v3 7.8**
* **ATTENTION:** Low skill level to exploit
* **Vendor:** ABB
* **Equipment:** Device Library Wizard
* **Vulnerability:** Insecure Storage of Sensitive Information
## 2\. RISK EVALUATION
Successful exploitation of this vulnerability could allow a low-level user to
escalate privileges and fully compromise the device.
## 3\. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following products of Device Library Wizard are affected:
* Device Library Wizard: Versions 6.0.X, 6.0.3.1, and 6.0.3.2
### 3.2 VULNERABILITY OVERVIEW
#### 3.2.1 [INSECURE STORAGE OF SENSITIVE INFORMATION
CWE-922](https://cwe.mitre.org/data/definitions/922.html)
The software writes sensitive system information to an unprotected file, and a
low-privileged user could read confidential data from such a file. This could
allow the user to take control of the product
[CVE-2020-8482](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8482)
has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been
calculated; the CVSS vector string is
([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)).
### 3.3 BACKGROUND
* **CRITICAL INFRASTRUCTURE SECTORS:** Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater Systems
* **COUNTRIES/AREAS DEPLOYED:** Worldwide
* **COMPANY HEADQUARTERS LOCATION:** United States
### 3.4 RESEARCHER
William Knowles of Applied Risk reported this vulnerability to ABB.
## 4\. MITIGATIONS
ABB recommends users apply one of the following updates:
* Device Library Wizard Version 6.0.3.2 RU1
* Device Library Wizard Version 6.0.3.3
* Device Library Wizard Version 6.1.X and later
ABB recommends disabling interactive logon for the service account (both local
and remote).
For more information please refer to [ABB's Cybersecurity
Advisory](https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch).
CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:
* Follow the principle of least privilege.
CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.
CISA also provides a section for [control systems security recommended
practices](https://www.us-cert.gov/ics/recommended-practices) on the ICS
webpage on [us-cert.gov](https://www.us-cert.gov/ics). Several recommended
practices are available for reading and download, including [Improving
Industrial Control Systems Cybersecurity with Defense-in-Depth
Strategies](https://www.us-
cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-
CERT_Defense_in_Depth_2016_S508C.pdf).
Additional mitigation guidance and recommended practices are publicly
available on the [ICS webpage on us-cert.gov](https://www.us-cert.gov/ics) in
the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion
Detection and Mitigation Strategies](https://www.us-cert.gov/ics/tips/ICS-
TIP-12-146-01B).
Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.
No known public exploits specifically target this vulnerability. This
vulnerability is not exploitable remotely.
暂无评论