PatchSiren cyber security CVE debrief
CVE-2018-1002208 ABB CVE debrief
CVE-2018-1002208 describes a vulnerability in SharpZip.dll used by ABB Protection and Control IED Manager PCM600 versions 1.5 through 2.13. According to the advisory, a specially crafted message to the system node can lead to insertion and execution of arbitrary code. The issue is rated CVSS 4.4 (Medium) and is constrained by local access, high attack complexity, low privileges, and required user interaction.
- Vendor: ABB
- Product: Protection and Control IED Manager
- CVSS: MEDIUM 4.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-03
- Original CVE updated: 2026-05-13
- Advisory published: 2025-11-03
- Advisory updated: 2026-05-13
Who should care
Organizations using ABB Protection and Control IED Manager PCM600 in affected versions (1.5 through 2.13), especially OT/industrial control environments that process untrusted or externally supplied messages/files. Asset owners should also pay attention if they rely on RE_630 protection relays, because the advisory notes a compatibility constraint with PCM600 2.14.
Technical summary
The source advisory states that SharpZip.dll in the affected PCM600 versions can be abused through a specially crafted message sent to the system node, resulting in insertion and arbitrary code execution. The supplied CVSS vector (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C) indicates a local attack path with high complexity, low privileges, and user interaction required, with integrity impact emphasized over confidentiality or availability.
Defensive priority
Medium. Prioritize patching to PCM600 2.14 where operationally feasible, but account for the documented RE_630 compatibility limitation before rollout.
Recommended defensive actions
- Upgrade ABB Protection and Control IED Manager PCM600 to version 2.14, which the advisory identifies as the fixed version.
- If PCM600 2.14 cannot be used because of RE_630 compatibility, apply the vendor's general security recommendations and compensating system-level defenses.
- Restrict who can provide messages or files to the system node and minimize exposure of affected engineering workstations.
- Review OT asset inventories to identify PCM600 installations in the affected version range and track remediation status.
- Use the linked ABB and CISA advisory documents for environment-specific mitigation guidance before making changes in production.
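The inventory review and the upgrade-or-mitigate decision above can be scripted. The following is an added example, not code from ABB, CISA, or the source advisory; the CSV column names, host names, status labels, and sample rows are constructed assumptions, while the version range (1.5 through 2.13), fixed version (2.14), and RE_630 constraint come from the advisory summary.

```python
import csv
import io

# Affected range and relay constraint as stated in the advisory summary.
AFFECTED_MIN = (1, 5)
AFFECTED_MAX = (2, 13)
INCOMPATIBLE_RELAY = "RE_630"   # not compatible with PCM600 2.14

# Constructed sample inventory; the column layout is an assumption.
SAMPLE_INVENTORY = """host,product,version,relays
ews-01,PCM600,2.9,REF615
ews-02,PCM600,2.13,RE_630;REF615
ews-03,PCM600,2.14,REF615
ews-04,PCM600,1.4,
ews-05,PCM600,2.x,REF615
ews-06,OtherTool,2.10,
"""

def parse_version(text):
    """Return (major, minor) as ints so that 2.9 sorts below 2.13, or None."""
    try:
        major, minor = text.strip().split(".")[:2]
        return int(major), int(minor)
    except ValueError:
        return None

def triage(inventory_csv):
    """Map each PCM600 host in the inventory to a remediation status."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().upper() != "PCM600":
            continue
        version = parse_version(row["version"])
        relays = {r.strip().upper() for r in row["relays"].split(";") if r.strip()}
        if version is None:
            status = "verify-manually"        # unknown version is never assumed safe
        elif not (AFFECTED_MIN <= version <= AFFECTED_MAX):
            status = "outside-affected-range"
        elif INCOMPATIBLE_RELAY in relays:
            status = "mitigate"               # upgrade blocked by RE_630 dependency
        else:
            status = "upgrade-to-2.14"
        result[row["host"]] = status
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer pairs rather than strings or floats, because a string or float comparison would rank 2.9 above 2.13 and miss affected installations.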
Evidence notes
The product scope, affected versions, and fix come from the CISA CSAF source item and its referenced ABB PSIRT advisory. The exploit condition and impact language are taken directly from the advisory description: a specially crafted message to the system node can cause insertion and arbitrary code execution. The CVSS score and vector are also supplied in the source data. The advisory notes that RE_630 protection relays are not compatible with PCM600 2.14, so mitigation may be needed where upgrading is not possible. No KEV entry is indicated in the supplied enrichment fields.
Official resources
- CVE-2018-1002208 CVE record (CVE.org)
- CVE-2018-1002208 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
The supplied source record shows initial publication on 2025-11-03, a CISA republication on 2026-04-30, and a minor revision on 2026-05-13. The CVE is not marked as a KEV item in the provided data.