ABB B&R Industrial PCs Hit by Critical UEFI Vulnerabilities

---
title: "ABB B&R Industrial PCs Hit by Critical UEFI Vulnerabilities"
short_title: "Critical UEFI flaws in ABB B&R industrial PCs"
description: "Nine critical vulnerabilities in ABB B&R industrial PCs allow remote code execution, DoS attacks, and data theft. Learn how to patch and mitigate risks now."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, industrial-security, uefi, cve-2023-45229, rce]
score: 0.85
cve_ids: [CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237]
---

## TL;DR
ABB has patched nine critical vulnerabilities in its B&R industrial PCs, affecting UEFI firmware and enabling remote code execution (RCE), denial-of-service (DoS) attacks, DNS cache poisoning, and data exfiltration. Attackers could exploit these flaws via network access, posing severe risks to energy sector infrastructure. Immediate patching or mitigation steps are recommended.



### Introduction
ABB, a global leader in industrial automation, has disclosed nine critical vulnerabilities in its B&R industrial PCs, which are widely deployed in energy and critical infrastructure sectors. These flaws, rooted in the UEFI firmware's Preboot eXecution Environment (PXE), could allow network-based attackers to execute remote code, disrupt operations, or steal sensitive data. With a CVSS score of 8.3, these vulnerabilities demand urgent attention from organizations relying on affected systems.


### Key Points
- Nine vulnerabilities identified in ABB B&R industrial PCs, affecting multiple product lines.
- Attack vectors include out-of-bounds reads, buffer overflows, infinite loops, and weak pseudo-random number generation.
- Impact: Remote code execution (RCE), DoS attacks, DNS cache poisoning, and sensitive data extraction.
- Affected systems: APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100.
- Mitigation: Disable PXE if unused, restrict IPv6 traffic, and apply patches immediately.


### Technical Details
The vulnerabilities stem from flaws in the EDK2 Network Package, a component of the UEFI firmware used in ABB B&R industrial PCs. Here’s a breakdown of the critical issues:

1. Out-of-Bounds Read (CVE-2023-45229, CVE-2023-45231)
   - Triggered by processing malformed DHCPv6 Advertise messages or Neighbor Discovery Redirect messages.
   - Allows attackers to read sensitive data from memory, leading to loss of confidentiality.

2. Buffer Overflow (CVE-2023-45230, CVE-2023-45234, CVE-2023-45235)
   - Exploited via long Server ID options or DNS Servers options in DHCPv6 messages.
   - Enables remote code execution (RCE) and system crashes, compromising integrity and availability.

3. Infinite Loop (CVE-2023-45232, CVE-2023-45233)
   - Caused by parsing malformed IPv6 Destination Options headers or PadN options.
   - Leads to DoS attacks by consuming system resources indefinitely.

4. Weak Pseudo-Random Number Generator (PRNG) (CVE-2023-45236, CVE-2023-45237)
   - Predictable TCP Initial Sequence Numbers enable session hijacking and DNS cache poisoning.
   - Attackers can intercept or manipulate network traffic, leading to data theft or spoofing.
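As an added illustration (this is constructed example code, not EDK2's or ABB's), the C below walks the DHCPv6 option list the way a hardened firmware parser should, with the two checks whose absence produces the out-of-bounds read and the long-Server-ID overflow described above; the fixed buffer size, struct and function names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not EDK2 code. DHCPv6 options follow the 4-byte
 * message header as TLVs: 2-byte code, 2-byte length, 'length' data bytes. */
#define DHCP6_OPT_SERVERID 2
#define SERVERID_MAX 128          /* assumed fixed-size destination buffer */

typedef struct {
    uint8_t server_id[SERVERID_MAX];
    size_t  server_id_len;
} dhcp6_parsed_t;

/* Returns 0 on success, -1 if an option's declared length runs past the end
 * of the message (the out-of-bounds read case) or a Server ID would not fit
 * its fixed destination buffer (the overflow case). */
int dhcp6_parse_options(const uint8_t *msg, size_t msg_len, dhcp6_parsed_t *out)
{
    size_t off = 4;                               /* msg-type + transaction-id */
    memset(out, 0, sizeof(*out));
    if (msg_len < off) return -1;
    while (off < msg_len) {
        if (msg_len - off < 4) return -1;         /* truncated option header */
        uint16_t code = (uint16_t)((msg[off] << 8) | msg[off + 1]);
        uint16_t len  = (uint16_t)((msg[off + 2] << 8) | msg[off + 3]);
        off += 4;
        if (len > msg_len - off) return -1;       /* length exceeds remaining bytes */
        if (code == DHCP6_OPT_SERVERID) {
            if (len > SERVERID_MAX) return -1;    /* reject instead of overflowing */
            memcpy(out->server_id, msg + off, len);
            out->server_id_len = len;
        }
        off += len;   /* every iteration advances by >= 4, so the loop terminates */
    }
    return 0;
}

/* Convenience wrapper: Server ID length on success, -1 if the message is rejected. */
int dhcp6_server_id_len(const uint8_t *msg, size_t msg_len)
{
    dhcp6_parsed_t p;
    if (dhcp6_parse_options(msg, msg_len, &p) != 0) return -1;
    return (int)p.server_id_len;
}
```

The same "advance by at least the header size on every iteration" invariant is what prevents the infinite-loop class of bug when walking IPv6 Destination Options and PadN entries.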


### Impact Assessment
The vulnerabilities pose severe risks to industrial environments, particularly in the energy sector, where ABB B&R PCs are widely deployed. Successful exploitation could result in:
- Operational disruption: DoS attacks could halt critical processes, leading to downtime and financial losses.
- Data breaches: Sensitive information, including proprietary industrial data, could be exfiltrated.
- Remote control: Attackers could execute arbitrary code, gaining full control over affected systems.
- Supply chain risks: Compromised systems could serve as entry points for broader network infiltration.

Given the global deployment of these systems, the potential for widespread impact is significant. Organizations must act swiftly to mitigate risks.


### Affected Systems
The following ABB B&R industrial PCs are affected by these vulnerabilities:

| Product | Affected Versions | Patched Versions |
|---------------|------------------------------------------|----------------------|
| APC4100 | <1.09 | 1.09 |
| APC910 | <=1.25 | No patch (mitigate) |
| C80 | <1.14 | 1.14 |
| MPC3100 | <1.24 | 1.24 |
| PPC1200 | <1.14 | 1.14 |
| PPC900 | <2.16 | 2.16 |
| APC2200 | <1.35 | 1.35 |
| PPC2200 | <1.35 | 1.35 |
| APC3100 | <1.45 | 1.45 |
| PPC3100 | <1.45 | 1.45 |


### Mitigation Steps
ABB has released patches for most affected products, but APC910 will not receive an update. Organizations must implement the following measures:

#### 1. Apply Patches Immediately
- Update affected systems to the latest firmware versions listed above.
- Follow ABB’s user manual for update instructions.

#### 2. Disable PXE if Unused
- The vulnerabilities reside in the UEFI PXE functionality. If PXE is not required, disable it in the UEFI settings to eliminate the attack surface.

#### 3. Restrict Network Access
- Block IPv6 traffic on control network firewalls to prevent exploitation via DHCPv6 or IPv6 messages.
- Isolate industrial control systems (ICS) from business networks using firewalls and VLANs.
- Limit access to legitimate users only and monitor for suspicious activity.

#### 4. Follow Defense-in-Depth Strategies
- Refer to ABB’s security recommendations for additional hardening measures.


### Attack Vector
Exploitation requires network access to the targeted system. Attackers can:
- Craft malicious DHCPv6 or IPv6 messages to trigger buffer overflows or infinite loops.
- Exploit predictable TCP sequence numbers to hijack sessions or poison DNS caches.
- Gain remote code execution (RCE) by sending specially crafted packets to vulnerable systems.

Organizations should ensure that firewalls, intrusion detection systems (IDS), and network segmentation are in place to detect and block such attacks.


## Conclusion
The discovery of these nine critical vulnerabilities in ABB B&R industrial PCs underscores the growing cybersecurity risks facing critical infrastructure. With the potential for remote code execution, DoS attacks, and data theft, organizations must prioritize patching and mitigation efforts. Disabling unnecessary UEFI PXE functionality and restricting network access are immediate steps to reduce exposure. As industrial systems become increasingly connected, proactive security measures are essential to safeguard against evolving threats.

For further guidance, consult ABB’s official advisory and CISA’s recommended practices.

