CVE-2022-1607 in Pulsar Plus System Controller NE843_Sinfo

Summary

by MITRE • 02/24/2023

Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 03/24/2023

This cross-site request forgery vulnerability resides within ABB's industrial control systems, specifically the Pulsar Plus System Controller NE843_S and Infinity DC Power Plant components. The flaw represents a critical security weakness that allows attackers to perform unauthorized actions on behalf of authenticated users within the industrial control environment. The vulnerability manifests due to insufficient validation of request origins and lack of proper anti-CSRF token implementation in the web-based management interfaces of these industrial devices. The affected systems operate in critical infrastructure environments where unauthorized modifications could lead to significant operational disruptions and safety hazards.

The technical implementation of this CSRF vulnerability stems from the absence of robust origin validation mechanisms and anti-CSRF tokens in the web interfaces of these industrial controllers. Attackers can craft malicious requests that exploit the trust relationship between the web interface and authenticated users, enabling them to execute commands without proper authorization. The vulnerability affects specific firmware versions and configuration codes including comcode 150042936 for NE843_S controllers and comcode 150047415 for Infinity DC Power Plant systems. This issue falls under CWE-352, which specifically addresses Cross-Site Request Forgery vulnerabilities in software applications. The attack vector typically involves social engineering techniques where users are tricked into visiting malicious websites that automatically submit requests to the vulnerable industrial systems.

The operational impact of this vulnerability extends beyond traditional web application security concerns into critical infrastructure safety and reliability domains. Industrial control systems managing power plant operations and process control cannot afford unauthorized modifications that could compromise safety systems, production processes, or operational integrity. An attacker exploiting this CSRF vulnerability could potentially alter system configurations, modify operational parameters, or execute unauthorized commands that affect power generation, distribution, or process control. The severity is compounded by the fact that these systems operate in environments where security is paramount and unauthorized access could result in significant financial losses, environmental damage, or safety incidents. This vulnerability aligns with ATT&CK technique T1566 which covers social engineering tactics including spearphishing with a focus on industrial control systems.

Mitigation strategies for this CSRF vulnerability require immediate implementation of proper anti-CSRF token mechanisms in the web interfaces of affected ABB systems. Organizations must ensure that all state-changing requests include unique, unpredictable tokens that validate the origin of requests and prevent unauthorized command execution. Network segmentation and access control measures should be implemented to limit exposure of these industrial web interfaces to untrusted networks. Regular security updates and firmware patches from ABB should be deployed immediately upon availability, as the vendor would have likely released remediation measures for this specific vulnerability. Additionally, administrative users should be trained to recognize social engineering attempts and verify all requests before execution, particularly when dealing with industrial control system interfaces that may be exposed to web-based attack vectors. Security monitoring should include detection of anomalous request patterns that could indicate CSRF attack attempts within the industrial control environment.

Reservation

05/06/2022

Disclosure

02/24/2023

Moderation

accepted

CPE

ready

EPSS

0.00215

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!