Vulnetix
Try Vulnetix Request Demo
7PAA020125 PUBLISHED CVSS 6.5 MEDIUM

This vulnerability was privately reported relating to ABB’s implementation of the IEC 61850 communication stack for MMS client applications used in some Automation control system products. Note: IEC 61850 communication typically supports MMS and GOOSE protocols. Some ABB products support both, others only MMS (e.g. S+ Operations and PM 877). In any case, GOOSE communication is not impacted by this reported vulnerability. If an attacker gains access to a site’s IEC 61850 network, then exploiting this vulnerability will result in a device fault (PM 877, CI850 and CI868 modules) and will require a manual restart. If this attack is directed at a S+ Operations node running IEC 61850 connectivity, this will result in a crash in the IEC 61850 communication driver which, if continued a repeating basis, will also result in a denial-of-service situation. Note that this does not have an impact on the overall availability and functionality of the S+ Operations node, only the IEC 61850 communication function. The System 800xA IEC61850 Connect is not affected.

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
ABB Firmware B_0.005
ABB Firmware <=6.1.1202.0 (AC800M version 6.1.1-2)
ABB S+ Operations using IEC 61850 connectivity
ABB Firmware <=6.1.1004.0 AC800M version 6.1.1-0 and 6.1.1-1)
ABB Firmware <=6.2.0006.0 (AC800M version 6.2.0-0)
ABB Firmware A_1
ABB Symphony Plus MR (Melody Rack) PM 877 for IEC 61850 communication
ABB Firmware A_2.003
ABB Firmware 6.1.1-3 planned for Q2 2027
ABB Firmware A_0
ABB Firmware 7.0 released in Dec 2025
ABB Firmware <=6.0.0303.0 (AC800M version 6.0.0-x)
ABB Symphony Plus SD Series CI850 for IEC 61850 communication
ABB Firmware <=1.0031.0 (AC800M version 6.1.0-x)
ABB Firmware A_3.005
ABB Firmware A_4.001
ABB AC800M Product line (System 800xA) CI868 for IEC 61850 communication
ABB Firmware >=3.10|<=3.52
ABB Firmware 3.53 (planned Q1 2026)
ABB Firmware C_0 planned Q2 2026

Timeline

References

Open in Interactive Console →