PatchSiren

CVE-2018-20505 ABB CVE debrief

CVE-2018-20505 is a high-severity vulnerability (CVSS 7.5) in SQLite 3.25.2 that remote attackers can exploit to cause a denial of service (application crash). The crash occurs when queries are run on a table with a malformed PRIMARY KEY, and the attacker exploits it by leveraging the ability to run arbitrary SQL statements, which makes it particularly relevant in certain WebSQL use cases. ABB B&R Automation Studio versions prior to 6.5 are affected.

Vendor: ABB
Product: B&R Automation Studio
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-18
Original CVE updated: 2026-05-21
Advisory published: 2026-02-18
Advisory updated: 2026-05-21

Who should care

Organizations using ABB B&R Automation Studio versions prior to 6.5 should be aware of this vulnerability and take steps to mitigate it. Developers and administrators working with SQLite 3.25.2 should also be cautious when running queries on tables with malformed PRIMARY KEYs, particularly in WebSQL use cases.

Technical summary

A flaw in SQLite 3.25.2 allows remote attackers to cause a denial of service (application crash) by running queries on a table with a malformed PRIMARY KEY. This can be exploited in certain WebSQL use cases. The vulnerability has a CVSS score of 7.5 (high severity) and affects ABB B&R Automation Studio versions prior to 6.5.

Defensive priority

High priority should be given to patching ABB B&R Automation Studio versions prior to 6.5. Additionally, defenders should consider implementing compensating controls to mitigate the vulnerability.

Recommended defensive actions

  • Patch ABB B&R Automation Studio to version 6.5 or later
  • Implement compensating controls to mitigate the vulnerability
  • Monitor for suspicious activity related to WebSQL use cases
  • Conduct regular vulnerability assessments and penetration testing
  • Consider implementing additional security measures such as input validation and error handling
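
One possible compensating control for the "ability to run arbitrary SQL statements" precondition, given here as an added example that is not taken from ABB, the advisories or the original page: an SQLite authorizer callback that limits caller-supplied SQL to reads of allow-listed tables, together with a check for the 3.25.2 library version. The table name `parts`, the sample rows and all helper names are constructed for illustration.

```python
import sqlite3

AFFECTED_SQLITE = (3, 25, 2)  # version named in the CVE-2018-20505 description

def library_is_affected(version_info=sqlite3.sqlite_version_info):
    """True when the linked SQLite library is the version the CVE names."""
    return tuple(version_info[:3]) == AFFECTED_SQLITE

def make_authorizer(allowed_tables):
    """Build a callback that permits only SELECT reads of allow-listed tables."""
    allowed = frozenset(allowed_tables)

    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in allowed:
            return sqlite3.SQLITE_OK  # arg1 is the table, arg2 the column
        # DDL, DML, PRAGMA, ATTACH, functions and schema-table reads end up here.
        return sqlite3.SQLITE_DENY

    return authorizer

def run_untrusted(conn, sql):
    """Run caller-supplied SQL; return (rows, None) or (None, error text)."""
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.DatabaseError as exc:
        return None, str(exc)

def demo_connection():
    """Constructed sample database, seeded before the authorizer is installed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parts (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO parts (name) VALUES ('valve'), ('pump')")
    conn.commit()
    conn.set_authorizer(make_authorizer({"parts"}))
    return conn

if __name__ == "__main__":
    print("linked SQLite", sqlite3.sqlite_version, "affected:", library_is_affected())
    conn = demo_connection()
    for stmt in ("SELECT id, name FROM parts ORDER BY id",
                 "PRAGMA user_version = 7",
                 "CREATE TABLE t (a PRIMARY KEY)",
                 "SELECT name FROM sqlite_master"):
        print(stmt, "->", run_untrusted(conn, stmt))
```

The authorizer narrows what untrusted SQL can do on a connection; it does not replace updating the affected SQLite library or product.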

Evidence notes

The vulnerability is documented in the CVE-2018-20505 record and the NVD detail page. ABB has released a security advisory (SA25P007) that provides details on the vulnerability and recommends patching to version 6.5 or later. CISA has also released an advisory (ICSA-26-141-03) that provides additional information on the vulnerability and recommends patching.

This article was generated with AI assistance based on the supplied source corpus.