IronMonkey Threat Research

Advant Master Online Builder DLL vulnerability

MEDIUM
CVSS 4.4
Date 2026-06-23T00:30:00+00:00
Source abb-psirt
Published by ABB PSIRT

// Description

ABB became aware of a vulnerability in the product versions listed as affected in the advisory, where an incorrect version of Online Builder (ONB) was included in the media. An update is available that resolves the vulnerability; see details in Recommended immediate actions.

// Vulnerabilities (1)

CVE ID: CVE-2025-13162
CVSS Score: 4.4
Severity: medium
Description: The application improperly handles the search path for loading DLLs, potentially allowing unauthorized libraries to be loaded from untrusted directories. An attacker who obtains the necessary access could exploit the vulnerability, leading to unauthorized code execution and compromising system integrity.

// Remediations (3)

Mitigation: Since it is required that the attacker has access to the system, it is important that all users that have access to the system are managed as recommended by ABB guidelines.
- Allow only authorized users to log on to the system and enforce strong passwords that are changed regularly.
- Restrict temporary connection of portable computers, USB memory devices and other removable data carriers. Computers that can be physically accessed by regular users should have ports for removable data carriers disabled or at least managed to only allow intended device types.
For more information on recommended practices, see [1].
Patch: ABB has investigated the vulnerability and remediated it in the newly released versions. The vulnerability has been resolved in the product versions listed as fixed in the advisory.
- Version 6.1.1-2 does not contain this vulnerability and therefore no update is required. The vulnerability was reintroduced in 6.1.1-3 when an older ONB version was included in the release media.
- Version 6.1.1-4 does not contain this vulnerability but is presented as version 6.1.1-3 by 800xA System Installer and System Configuration Console (SCC). Version 6.1.1-4 is therefore withdrawn.
- Version 6.2.0-2 does not contain this vulnerability but is presented as version 6.2.0-1 by 800xA System Installer and System Configuration Console (SCC). Version 6.2.0-2 is therefore withdrawn.
ABB recommends that customers apply the update at their earliest convenience.
- Control Builder A: It is recommended to update Control Builder A to version 1.4/5 or later.
- 800xA for Advant Master: versions 6.0.3-1 and earlier, versions 6.1.1-1 and earlier, and versions 6.1.1-2, 6.1.1-3, and 6.1.1-4 should be updated to version 6.1.1-5 or later.
- 800xA for Advant Master: versions 6.2.0-1 and 6.2.0-2 should be updated to version 6.2.0-3 or later.
Workaround: The recommendation is to upgrade to a version where the vulnerability is corrected. If an upgrade is not possible and a workaround is needed, contact ABB Support.
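
The Patch notes above mean that the version shown by 800xA System Installer or SCC can be ambiguous: a displayed 6.1.1-3 may be the withdrawn 6.1.1-4, and a displayed 6.2.0-1 may be the withdrawn 6.2.0-2. The following inventory-triage sketch is an added example, not code from ABB or from this advisory. It covers 800xA for Advant Master only, and its function names and the "major.minor.patch-build" string format are assumptions.

```python
import re

# Update targets as listed in the Patch section of this advisory.
TARGET_61 = (6, 1, 1, 5)   # for 6.1.1-4 and everything earlier
TARGET_62 = (6, 2, 0, 3)   # for 6.2.0-1 and 6.2.0-2
# Withdrawn builds and the version that System Installer / SCC shows for them.
SHOWN_AS = {(6, 1, 1, 4): (6, 1, 1, 3), (6, 2, 0, 2): (6, 2, 0, 1)}


def parse(version):
    """'6.1.1-3' -> (6, 1, 1, 3); raises ValueError on any other shape."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) for g in m.groups())


def fmt(v):
    return "{}.{}.{}-{}".format(*v)


def triage(displayed):
    """Map a version string shown by System Installer / SCC to an action.

    Returns the builds that may really be installed (a withdrawn build
    reports its predecessor's number) and the update target from the
    advisory, or None when the advisory lists no update for that version.
    """
    shown = parse(displayed)
    candidates = [shown] + [real for real, s in SHOWN_AS.items() if s == shown]
    if shown < TARGET_61:
        target = TARGET_61
    elif (6, 2, 0, 1) <= shown < TARGET_62:
        target = TARGET_62
    else:
        target = None
    return {
        "possible_installed": [fmt(c) for c in candidates],
        "ambiguous": len(candidates) > 1,
        "update_to": fmt(target) if target else None,
    }


if __name__ == "__main__":
    # Constructed inventory values, not taken from a real system.
    for v in ("6.0.3-1", "6.1.1-3", "6.1.1-5", "6.2.0-1", "6.2.0-3"):
        print(v, triage(v))
```

The advisory states that 6.1.1-2 does not contain the vulnerability yet also lists it in the group to be updated to 6.1.1-5; this sketch follows the update list.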

// References