Summary
This vulnerability was privately reported relating to ABB’s implementation of the IEC 61850 communication stack for MMS client applications used in some Automation control system products. Note: IEC 61850 communication typically supports MMS and GOOSE protocols. Some ABB products support both, others only MMS (e.g. S+ Operations and PM 877). In any case, GOOSE communication is not impacted by this reported vulnerability. If an attacker gains access to a site’s IEC 61850 network, then exploiting this vulnerability will result in a device fault (PM 877, CI850 and CI868 modules) and will require a manual restart. If this attack is directed at a S+ Operations node running IEC 61850 connectivity, this will result in a crash in the IEC 61850 communication driver which, if continued a repeating basis, will also result in a denial-of-service situation. Note that this does not have an impact on the overall availability and functionality of the S+ Operations node, only the IEC 61850 communication function. The System 800xA IEC61850 Connect is not affected.
The following versions of ABB System 800xA, Symphony Plus IEC 61850 are affected:
- AC800M Product line (System 800xA) CI868
- Symphony Plus SD Series CI850
- Symphony Plus MR (Melody Rack) PM 877
- S+ Operations
- Firmware <=6.0.0303.0, <=6.1.0031.0 , <=6.1.1004.0 , <=6.1.1202.0 , <=6.2.0006.0 , 6.1.1-3, 7.0, A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005, C_0, >=3.10|<=3.52, 3.53, 3.3, 2.3, 2.2, 2.1, 3.4 ()
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.5 | ABB | ABB System 800xA, Symphony Plus IEC 61850 | Improper Validation of Specified Quantity in Input |
Background
- Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2025-3756
A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed above. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function.
Affected Products
ABB System 800xA, Symphony Plus IEC 61850
ABB
fixed, known_affected
Remediations
Vendor fix
ABB advises all customers to review their installations to determine if they are using an impacted product as listed above, no further analysis or tools are needed to make this determination. The recommended immediate actions per product are listed below: – CI868 (for AC 800M) Devices with firmware versions reported in Affected products are vulnerable. All the vulnerabilities will be corrected in 6.1.1 and 7.0 tracks for 800xA. AC 800M 6.1.1-3 is planned for Q2 2027, AC 800M 7.0 has been released in December 2025. – CI850 (for Symphony Plus SD Series) Devices with firmware versions reported in Affected products are vulnerable. All the vulnerabilities will be corrected in version C_0 or later (planned Q2 2026). – PM 877 (Symphony Plus MR) Devices with firmware versions reported in Affected products are vulnerable. All the vulnerabilities will be corrected with firmware version 3.53 or later (planned Q1 2026). – S+ Operations Versions reported in Affected products are vulnerable. All the vulnerabilities will be corrected in version 3.4 or later (released in January 2026). ABB recommends customers appl
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: