CVE-2024-8036

Published: Oct 25, 2024

Modified: Oct 30, 2024

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to take control of the node.

Vendor	Product	Versions
ABB	Relion Protection Relays RE_611 IEC	affected `1.0.0 - <= 1.0.4` affected `2.0.0 - <= 2.0.4`
ABB	Relion Protection Relays REF615 IEC	affected `1.0.0 - <= 1.2.0`
ABB	Relion Protection Relays REF615 ANSI	affected `1.0.0 - <= 1.1.0`
ABB	Relion Protection Relays REX615	affected `PCL1`
ABB	Relion Protection Relays REX610	affected `1.1.1` affected `1.2.0`
ABB	Relion Protection Relays REX640	affected `1.0.0 - <= 1.0.8` affected `1.1.0 - <= 1.1.6` affected `1.2.0 - <= 1.2.3` affected `1.3.0 - <= 1.3.4`
ABB	Substation Merging Unit SMU615	affected `1.0.0 - <= 1.0.3`
ABB	Smart Substation Control and Protection SSC600	affected `1.0` affected `1.0 FP1` affected `1.0 FP2` affected `1.0 FP3` affected `1.0 FP4`
ABB	Relion Protection Relays REF615R ANSI	affected `4.0.0 - <= 4.1.2`
ABB	Relion Protection Relays RED615 IEC	affected `1.0.0 - <= 1.1.5`
ABB	Relion Protection Relays 615 series IEC	affected `2.0.0 - <= 2.0.9` affected `3.0.0 - <= 3.0.10` affected `4.0.0 - <= 4.0.8` affected `4.1.9 - <= 4.1.10` affected `5.0.0 - <= 5.0.17` +1 more versions
ABB	Relion Protection Relays 615 series CN	affected `2.0.0 - <= 2.0.9` affected `3.0.0 - <= 3..0.7` affected `3.1.0 - <= 3.1.10` affected `4.1.0 - <= 4.1.9` affected `5.1.0 - <= 5.1.4`
ABB	Relion Protection Relays 615 series ANSI	affected `2.0.0 - <= 2.0.9` affected `4.0.0 - <= 4.0.5` affected `4.1.0 - <= 4.1.1` affected `4.2.0 - <= 4.2.3` affected `5.1.0 - <= 5.1.3`
ABB	Relion Protection Relays RER615	affected `1.0.0 - <= 1.1.4` affected `2.0.0 - <= 2.0.9`
ABB	Relion Protection Relays REC615	affected `1.0.0 - <= 1.1.4` affected `2.0.0 - <= 2.0.9`
ABB	RBX615	affected `1.0.0 - <= 2.0.0`
ABB	RER620 ANSI	affected `1.0.0 - <= 1.3`
ABB	620 Series IEC/CN	affected `2.0.0 - <= 2.0.13` affected `2.1.0 - <= 2.1.16`
ABB	RE_630	affected `1.1.0 - <= 1.1.0 C5` affected `1.2.0 - <= 1.2.0 B8` affected `1.3.0 - <= 1.3.0 B1`
ABB	RIO600	affected `1.0.0 - <= 1.8.8`
ABB	COM600	affected `3.3` affected `3.4` affected `3.5` affected `4.0` affected `4.1` +2 more versions
ABB	SPA ZC-400	affected `Exx` affected `Mxx` affected `Sxx` affected `xMx` affected `Exxx` +4 more versions
ABB	COM600F ANSI	affected `4.1` affected `5.0`
ABB	SPA ZC-402	affected `Exxx` affected `Mxxx` affected `Sxxx` affected `xMxx` affected `xxxC`
ABB	REF542plus	affected `R1.0` affected `R1.1` affected `R2.0` affected `R2.5` affected `R2.5 ATEX` +5 more versions
ABB	SUE 3000	affected `2.6 V4F07x` affected `3.0FP1 V4F11x` affected `V4D02x` affected `V4E0xx`
ABB	ARG600/ARP600/ARR600/ARC600 single SIM	affected `3.x.x - <= 3.4.13`
ABB	ARG600/ARP600 dual SIM	affected `2.x.x - <= 3.4.13`
ABB	ARM600	affected `4.x.x - <= 5.0.3`
ABB	REC601/RER601	affected `1.1 - <= 1.2`
ABB	REC603/RER603	affected `1.1 - <= 1.2`

Weaknesses (CWE)

CWE-347

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

References

https://search.abb.com/library/Download.aspx?DocumentID=2NGA001911&LanguageCode=en&DocumentPartId=&Action=Launch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-8036

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References