CVE-2013-0169 ABB CVE debrief

Who should care

OT security teams, system owners, and administrators responsible for ABB M2M Gateway ARM600 or ABB M2M Gateway SW deployments in the affected version ranges, especially where the gateway is reachable from untrusted networks, terminates VPNs, or supports remote administration.

Technical summary

The advisory describes a timing side-channel during MAC verification when malformed CBC padding is processed in TLS 1.1/1.2 and DTLS 1.0/1.2. In affected ABB products, an attacker who can repeatedly measure packet timing may distinguish processing paths and infer plaintext-related information. The supplied source frames the impact as confidentiality-focused with possible integrity consequences from information disclosure, and the CVSS vector is 3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N, with proof-of-concept exploit maturity and workaround-style remediation.

Defensive priority

Medium priority. Treat it as higher priority if the gateway is internet-reachable, used for remote access, or relied on for VPN/TLS/DTLS termination. The source advisory is older in vulnerability origin terms, but the 2025 ABB/CISA publication shows the affected product range remains relevant for deployed OT assets.

Recommended defensive actions

• Avoid exposing ARM600 or related system components directly to the internet.
• If remote access is required, expose only the VPN port and terminate remote connections in a DMZ or via a private cellular APN.
• Apply firewall allowlisting: open only the required ports and protocols, and block all other traffic.
• Change default credentials, remove unused accounts, and use least-privilege administrator access only when required.
• Follow ABB’s Cyber Security Deployment Guideline, user manual, and lifecycle management guidance for supported remediation or upgrade options.
• Use continuous monitoring such as IDS/IPS to detect anomalous traffic or timing-related abuse patterns.
• Harden the environment by removing unnecessary links, closing unused ports and services, and restricting traffic to necessary hosts only.
• Maintain validated backups and scan supporting PCs and transferred configuration or firmware files before use.

Evidence notes

The source corpus is a CISA CSAF advisory, ICSA-25-105-08, titled ABB M2M Gateway, published and modified on 2025-04-07. The advisory explicitly lists affected products and versions for ABB M2M Gateway ARM600 and ABB M2M Gateway SW, and it restates the Lucky Thirteen TLS/DTLS timing-side-channel description. No KEV entry or ransomware linkage is provided in the supplied source set. The date in this debrief reflects the advisory publication date, not the original vulnerability disclosure date.

Official resources