CVE-1999-0524 ABB CVE debrief

Who should care

OT/ICS operators running ABB ARM600 or ABB M2M Gateway SW, network/security teams managing perimeter and OT segmentation firewalls, and asset owners responsible for firmware/version inventory in industrial environments.

Technical summary

The source describes an "ICMP Timestamp Request Remote Date Disclosure" condition: if ICMP timestamp packets are accepted, a remote system can request and receive timestamp information from the target. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating a low-complexity network attack with no privileges or user interaction required and limited confidentiality impact. CISA’s mitigation guidance is to filter ICMP types 13 and 14 from external systems at the firewall so the system time is not exposed.

Defensive priority

Medium

Recommended defensive actions

• Confirm whether ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 or ABB M2M Gateway SW 5.0.1 through 5.0.3 is deployed.
• Block or filter ICMP timestamp request/response traffic (ICMP types 13 and 14) at external-facing firewalls, per the CISA advisory.
• Review OT network segmentation so external hosts cannot probe control-network devices directly.
• Validate that perimeter rules and monitoring still permit only the minimum ICMP needed for operations.
• Use the linked ABB and CISA guidance to check for any vendor lifecycle or product-specific updates relevant to your deployment.

Evidence notes

Affected products and version ranges are taken from the CISA CSAF advisory ICSA-25-105-08 for ABB M2M Gateway. The mitigation text in the source explicitly recommends filtering ICMP types 13 and 14 by firewall to avoid exposing system time. The source metadata also supplies the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, which supports a confidentiality-only impact assessment.

Official resources