ICSA-25-105-08
ABB is aware of public reports of a vulnerabilities in product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could cause the product to stop, make the product inacces-sible, take remote control of the product or insert and run arbitrary code. As part of ABB product lifecycle policy, once a product transitions to end-of-life, we discontinue maintenance, security patches, and technical support to focus on current and future technologies. While the product will continue to function, we strongly recommend implementing mitigations defined in this document, such as using a private APN cellular network between Arctic wireless gateways and ARM600 for establishing VPN tunnels, to mitigate security risks and avoid potential vulnerabilities. As part of ABB product lifecycle policy, once a product transitions to Limited state, we discontinue maintenance, security patches, and technical support to focus on current and future technologies. While the product will continue to function, we strongly recommend implementing mitigations defined in this document to mitigate security risks.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB M2M Gateway SW, software versions = 5.0.1 <= 5.0.3 | ||
| ABB M2M Gateway ARM600, firmware versions = 4.1.2 <= 5.0.3 |
Timeline
- Apr 7, 2025 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-105-08.json advisory
- https://library.e.abb.com/public/0498e4c0babd46aa9243aedd6f99c375/ARM600_user_758861_ENk.pdf url
- https://new.abb.com/service/electrification/life-cycle-management?pe_data=D42415F457244415145784545584371%7C29609824 url
- https://search.abb.com/library/Download.aspx?DocumentID=2NGA002579&LanguageCode=en&DocumentPartId=&Action=Launch url
- https://search.abb.com/library/Download.aspx?DocumentID=1MRS758860&LanguageCode=en&DocumentPartId=&Action=Launch url
- https://library.e.abb.com/public/ffab1a14a42646c6adee38fc3de61dad/Arctic_csdepl_758860_ENf.pdf url
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url