{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/abb-ability-symphony-plus-s+-engineering-2.3-ru3/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2023-5869"},{"cvss":7.5,"id":"CVE-2023-39417"},{"cvss":8.8,"id":"CVE-2024-7348"}],"_cs_exploited":false,"_cs_products":["ABB Ability Symphony Plus S+ Engineering 2.2","ABB Ability Symphony Plus S+ Engineering 2.3","ABB Ability Symphony Plus S+ Engineering 2.3 RU1","ABB Ability Symphony Plus S+ Engineering 2.3 RU2","ABB Ability Symphony Plus S+ Engineering 2.3 RU3","ABB Ability Symphony Plus S+ Engineering 2.4","ABB Ability Symphony Plus S+ Engineering 2.4 SP1","ABB Ability Symphony Plus S+ Engineering 2.4 SP2"],"_cs_severities":["critical"],"_cs_tags":["vulnerability","ics","postgresql"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB Ability Symphony Plus Engineering versions 2.2 through 2.4 SP2 are susceptible to multiple vulnerabilities originating in the included PostgreSQL database. An attacker gaining access to the S+ Client Server network could exploit CVE-2023-5869 (Integer Overflow), CVE-2023-39417 (SQL Injection), and CVE-2024-7348 (TOCTOU race condition) to execute arbitrary code and potentially compromise the entire ABB system. This poses a significant risk to organizations in critical infrastructure sectors, including Chemical, Critical Manufacturing, Energy, and Water/Wastewater, as these systems are vital for operational control and safety. Successful exploitation could result in loss of control, data breaches, or disruption of essential services. 
ABB released S+ Engineering 2.4 SP2 RU1 in December 2024 as a fix.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to the target network, specifically the S+ Client Server network, possibly through existing vulnerabilities or misconfigurations.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the PostgreSQL database server used by ABB Ability Symphony Plus Engineering.\u003c/li\u003e\n\u003cli\u003eAttacker exploits CVE-2023-5869 by providing crafted data to trigger an integer overflow, enabling arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker exploits CVE-2023-39417 by injecting malicious SQL code through extension scripts, leading to arbitrary code execution with administrator privileges.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker exploits CVE-2024-7348, leveraging a TOCTOU race condition to execute arbitrary SQL functions with elevated privileges using a PostgreSQL utility.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code within the context of the compromised ABB Ability Symphony Plus Engineering application or the underlying PostgreSQL database.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised system to move laterally within the OT network, potentially targeting other critical systems or data repositories.\u003c/li\u003e\n\u003cli\u003eAttacker achieves complete compromise of the ABB Ability Symphony Plus Engineering system, allowing manipulation of industrial processes, data exfiltration, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities in ABB Ability Symphony Plus Engineering can have severe consequences, particularly in critical infrastructure sectors. Affected sectors include chemical, critical manufacturing, energy, and water/wastewater facilities worldwide. 
A compromised system could allow attackers to manipulate industrial processes, leading to equipment damage, environmental incidents, or disruption of essential services like power generation or water treatment. The vulnerabilities could allow attackers to gain unauthorized access to sensitive data, intellectual property, or control systems, resulting in significant financial losses, reputational damage, and potential safety risks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade ABB Ability Symphony Plus Engineering to version 2.4 SP2 RU1 (released in December 2024) or later, as recommended by ABB, to address the identified vulnerabilities (Vendor fix).\u003c/li\u003e\n\u003cli\u003eReview and enforce network segmentation and firewall configurations to restrict access to the S+ client/server network, mitigating the risk of external attackers exploiting these vulnerabilities (Mitigation).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity indicative of PostgreSQL exploitation attempts. Deploy the Sigma rule \u003ccode\u003eDetect Suspicious PostgreSQL Utility Execution\u003c/code\u003e to identify potential exploitation of CVE-2024-7348.\u003c/li\u003e\n\u003cli\u003eEnable logging of PostgreSQL queries and analyze logs for SQL injection attempts, specifically looking for suspicious use of extension scripts. 
Deploy the Sigma rule \u003ccode\u003eDetect SQL Injection in PostgreSQL Logs\u003c/code\u003e to identify potential exploitation of CVE-2023-39417.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T12:00:00Z","date_published":"2026-04-30T12:00:00Z","id":"/briefs/2026-04-abb-symphony-vulns/","summary":"Multiple vulnerabilities in ABB Ability Symphony Plus Engineering, stemming from underlying PostgreSQL flaws, could allow a remote attacker with network access to execute arbitrary code and compromise the system.","title":"ABB Ability Symphony Plus Engineering Vulnerabilities Allow Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-04-abb-symphony-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — ABB Ability Symphony Plus S+ Engineering 2.3 RU3","version":"https://jsonfeed.org/version/1.1"}