CVE-2020-24672
📋 TL;DR
CVE-2020-24672 is a critical vulnerability in ABB's SoftControl Base Software that allows remote attackers to execute arbitrary code on affected systems. This affects industrial control systems using ABB's SoftControl platform, potentially allowing complete system compromise. The vulnerability is remotely exploitable without authentication.
💻 Affected Systems
- ABB SoftControl Base Software
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover allowing attacker to disrupt industrial processes, steal sensitive data, or use the system as a pivot point to attack other industrial systems.
Likely Case
Remote code execution leading to malware deployment, data exfiltration, or disruption of industrial operations.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting isolated systems.
🎯 Exploit Status
CVSS 9.8 suggests low attack complexity and no authentication required. No public exploit code known at time of advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 5.1.0.0 or later
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=2PAA122974&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download SoftControl Base Software version 5.1.0.0 or later from ABB.
2. Backup current configuration.
3. Install the update following ABB's installation guide.
4. Restart the system.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Isolate SoftControl systems from untrusted networks and implement strict firewall rules.
Access Control Restrictions
Implement strict network access controls and disable unnecessary services/ports.
🧯 If You Can't Patch
- Implement strict network segmentation and isolate affected systems in dedicated VLANs
- Deploy intrusion detection systems and monitor for suspicious activity targeting SoftControl systems
🔍 How to Verify
Check if Vulnerable:
Check SoftControl Base Software version in Control Panel > Programs and Features (Windows) or via ABB's management interface.
Check Version:
Check Windows installed programs list or use ABB's diagnostic tools
Verify Fix Applied:
Verify installed version is 5.1.0.0 or later and check ABB's verification tools if available.
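The Programs and Features check above can be scripted across Windows hosts. The following PowerShell is an added example, not ABB tooling or part of the vendor advisory; it assumes the product's display name contains "SoftControl" (adjust `$NamePattern` to match what Programs and Features shows) and uses the fixed version 5.1.0.0 stated above.

```powershell
# Added example: flag SoftControl installs older than the fixed version.
# Assumption: the DisplayName in the uninstall registry contains "SoftControl".
$NamePattern  = '*SoftControl*'
$FixedVersion = New-Object System.Version(5, 1, 0, 0)   # fixed version from the advisory

# Programs and Features is populated from these keys (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    Write-Output "No installed product matching '$NamePattern' was found."
}
else {
    $results = foreach ($app in $found) {
        $parsed = $null
        # DisplayVersion may be empty or non-numeric: report "unknown", never "fixed".
        $ok = [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)
        if ($ok) {
            # .NET treats "5.1" as lower than "5.1.0.0" (missing parts are -1),
            # so pad missing Build/Revision with 0 before comparing.
            $norm = New-Object System.Version(
                $parsed.Major, $parsed.Minor,
                [math]::Max($parsed.Build, 0), [math]::Max($parsed.Revision, 0))
        }
        $status = if (-not $ok) { 'UNKNOWN (check manually)' }
                  elseif ($norm -lt $FixedVersion) { 'VULNERABLE (below 5.1.0.0)' }
                  else { 'FIXED (5.1.0.0 or later)' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $app.DisplayName
            Version  = $app.DisplayVersion
            Status   = $status
        }
    }
    $results | Format-Table -AutoSize
}
```

A host that reports no match is not proof of absence if the product registers under a different display name, so confirm the pattern on one known installation first.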
📡 Detection & Monitoring
Log Indicators:
- Unexpected process creation, network connections from SoftControl systems to unknown destinations, authentication failures
Network Indicators:
- Unusual traffic patterns to/from SoftControl systems, unexpected protocol usage on industrial network segments
SIEM Query:
source="softcontrol*" AND (event_type="process_creation" OR event_type="network_connection") AND dest_ip NOT IN (allowed_ips)