ABB Warns of Critical ASPECT System Vulnerabilities: CVE-2024-6209 and CVE-2024-6298

ABB, a global leader in electrification and automation technologies, has released a critical cybersecurity advisory concerning vulnerabilities in its ASPECT energy management systems. These vulnerabilities, identified as CVE-2024-6209 and CVE-2024-6298, pose a significant risk to organizations utilizing ASPECT for optimizing energy consumption in buildings.

The ASPECT system has been found vulnerable to serious security flaws:

• CVE-2024-6209 (CVSSv4 9.4): Unauthorized File Access
• CVE-2024-6298 (CVSSv4 9.4): Remote Code Execution

The vulnerabilities, stemming from a configuration issue and insufficient input validation, could allow attackers to gain unauthorized access to system folders on ASPECT devices. In a worst-case scenario, malicious actors could exploit these flaws to take remote control of the system, potentially inserting and executing arbitrary code. This could lead to a complete compromise of the ASPECT system, disrupting energy management operations and potentially causing significant financial and operational damage to affected organizations.

The vulnerabilities affect the following ASPECT devices and firmware versions:

• ASPECT®-Enterprise
  • Model: ASP-ENT-x
  • ABB Product IDs: 2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021
  • Firmware Version: 3.08.01 and earlier
• NEXUS Series
  • Models: NEX-2x, NEXUS-3-x
  • ABB Product IDs: Various (see full advisory for details)
  • Firmware Version: 3.08.01 and earlier
• MATRIX Series
  • Model: MAT-x
  • ABB Product IDs: Various (see full advisory for details)
  • Firmware Version: 3.08.01 and earlier

ABB is urging customers who have exposed ASPECT devices to the internet or other insecure networks to immediately disconnect and isolate these devices. Even customers who have only intermittently connected ASPECT to insecure networks are advised to take the devices out of operation without delay and replace them with new, ABB-delivered versions.

While ABB is actively working on a software update to address the vulnerabilities, the company strongly recommends that customers follow the mitigating actions outlined in the advisory. These include:

• Disconnecting ASPECT devices from the internet and insecure networks.
• Implementing physical controls to prevent unauthorized access to devices and networks.
• Upgrading ASPECT firmware to the latest version.
• Using secure methods, such as Virtual Private Networks (VPNs), for remote access.

ABB also emphasizes the importance of adhering to general cybersecurity best practices, such as isolating special-purpose networks, regularly updating software and firmware, and minimizing network exposure for all ASPECT ports and endpoints.