PatchSiren cyber security CVE debrief
CVE-2024-0985 ABB CVE debrief
CVE-2024-0985 is a high-severity issue in ABB Ability Symphony Plus S+ Engineering where an attacker can supply untrusted materialized views and then rely on a high-privileged authorized user to refresh them, resulting in arbitrary SQL functions being executed. ABB and CISA describe this as requiring access to the site’s S+ client/server network and user interaction by a privileged account. The advisory recommends upgrading to 2.4 SP2 RU1 or later and notes that no workaround is available.
- Vendor: ABB
- Product: Ability Symphony Plus
- CVSS: HIGH 8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-13
- Original CVE updated: 2026-04-30
- Advisory published: 2026-04-13
- Advisory updated: 2026-04-30
Who should care
Operators, administrators, and security teams responsible for ABB Ability Symphony Plus S+ Engineering installations, especially environments running versions 2.2 through 2.4 SP2 and variants listed in the advisory. Sites with privileged users who manage database or engineering tasks should treat this as urgent because exploitation depends on authorized refresh activity.
Technical summary
The advisory states that an attacker can provide untrusted materialized views and lure a high-privileged authorized user into refreshing the attacker’s view, causing arbitrary SQL functions to run. The published CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, reflecting network access, low attack complexity, limited privileges, required user interaction, and high impact to confidentiality, integrity, and availability. ABB’s CISA-republished advisory also notes that exploitation requires access to the S+ client/server network.
Defensive priority
High. This is a high-severity vulnerability with strong impact potential and no workaround. Prioritize patching affected engineering systems and tightening network access around the S+ client/server environment until remediation is complete.
Recommended defensive actions
- Verify whether your installation uses ABB Ability Symphony Plus S+ Engineering versions 2.2, 2.3, 2.3_RU1, 2.3_RU2, 2.3_RU3, 2.4, 2.4_SP1, or 2.4_SP2 as listed in the advisory.
- Upgrade affected systems to S+ Engineering 2.4 SP2 RU1 or later, as recommended by ABB.
- If you cannot patch immediately, apply ABB’s mitigations and recommended security practices, including network architecture and perimeter firewall controls to restrict access to the S+ client/server network.
- Treat privileged accounts that can refresh materialized views as high-risk and limit their use to necessary administrative tasks only.
- Review ABB’s general security recommendations for further guidance on maintaining system security.
- Monitor the environment for unexpected database or engineering activity involving materialized views and privileged refresh operations until remediation is complete.
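As an added illustration of the monitoring step above (this is example code written for this debrief, not ABB or CISA tooling), the script below scans database statement-audit lines for materialized-view refreshes issued by high-privileged accounts and flags any that target a view outside a site-maintained allowlist. The log line format, the sample lines, the privileged-account set and the approved-view list are all constructed assumptions; adapt them to whatever audit source your S+ database actually emits.

```python
import re
from dataclasses import dataclass

# Constructed sample audit lines (assumed format: "<ts> user=<name> db=<db> stmt=<sql>").
SAMPLE_LOG = """\
2026-04-14T08:01:12Z user=eng_admin db=splus stmt=REFRESH MATERIALIZED VIEW tag_summary
2026-04-14T08:03:45Z user=eng_admin db=splus stmt=REFRESH MATERIALIZED VIEW CONCURRENTLY reports.tmp_import
2026-04-14T08:04:02Z user=operator1 db=splus stmt=SELECT * FROM alarms WHERE ts > now() - interval '1 hour'
2026-04-14T08:05:30Z user=eng_admin db=splus stmt=refresh materialized view "public"."alarm_rollup"
2026-04-14T08:06:11Z user=svc_report db=splus stmt=REFRESH MATERIALIZED VIEW shift_report
"""

# Assumed site configuration: accounts treated as high-privileged, and views approved for refresh.
PRIVILEGED_USERS = {"eng_admin", "svc_report"}
APPROVED_VIEWS = {"tag_summary", "alarm_rollup", "shift_report"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+db=(?P<db>\S+)\s+stmt=(?P<stmt>.*)$")
# Matches REFRESH MATERIALIZED VIEW [CONCURRENTLY] <name>, case-insensitively.
REFRESH_RE = re.compile(
    r"^\s*refresh\s+materialized\s+view\s+(?:concurrently\s+)?(?P<name>[^\s;]+)", re.IGNORECASE
)


@dataclass
class Finding:
    ts: str
    user: str
    view: str
    reason: str


def normalize_view(raw):
    # Drop schema qualification and identifier quotes: "public"."alarm_rollup" -> alarm_rollup
    return raw.split(".")[-1].strip('"')


def scan_log(text, privileged_users, approved_views):
    """Return one Finding per privileged refresh of a materialized view not on the allowlist."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a statement-audit line in the assumed format
        r = REFRESH_RE.match(m["stmt"])
        if not r:
            continue  # not a materialized-view refresh
        view = normalize_view(r["name"])
        if m["user"] in privileged_users and view not in approved_views:
            findings.append(Finding(m["ts"], m["user"], view, "privileged refresh of unapproved view"))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, PRIVILEGED_USERS, APPROVED_VIEWS):
        print(f"{f.ts} {f.user} refreshed {f.view}: {f.reason}")
```

Each finding is a candidate for review against change records, since a refresh of a view nobody on the engineering team created is exactly the precondition the advisory describes.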
Evidence notes
All statements are based on the CISA CSAF advisory ICSA-26-120-06, which republishes ABB PSIRT advisory 7PAA017341, and the linked official references. The advisory’s revision history shows initial publication on 2026-04-13 and republication on 2026-04-30. CISA states the affected product range and remediation to upgrade to 2.4 SP2 RU1 or later. The advisory also says no workaround is available and that exploitation requires access to the site’s S+ client/server network.
Official resources
- CVE-2024-0985 CVE record (CVE.org)
- CVE-2024-0985 NVD detail (NVD)
- Source item URL: cisa_csaf
CVE-2024-0985 was published on 2026-04-13T00:30:00.000Z and modified on 2026-04-30T06:00:00.000Z. The source advisory was initially published on the same date and later republished by CISA on 2026-04-30.