{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/abb-pcm600/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":5.5,"id":"CVE-2018-1002208"}],"_cs_exploited":false,"_cs_products":["ABB PCM600"],"_cs_severities":["medium"],"_cs_tags":["ics","path traversal","industrial control system"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB PCM600 versions 1.5 through 2.13 are vulnerable to a path traversal flaw (CVE-2018-1002208) within the SharpZip.dll library. Successful exploitation enables a local attacker with low privileges to execute arbitrary code on the affected system. This vulnerability resides in the software used to configure and manage protection and control IEDs (Intelligent Electronic Devices) in critical infrastructure sectors, specifically critical manufacturing. ABB recommends updating to PCM600 version 2.14 to remediate this vulnerability. The vulnerability was reported to CISA by ABB PSIRT.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains low-privilege access to the target system running a vulnerable ABB PCM600 version.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious message containing a path traversal payload designed to exploit CVE-2018-1002208.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted message to the system node, targeting the vulnerable SharpZip.dll.\u003c/li\u003e\n\u003cli\u003eThe SharpZip.dll processes the message without properly sanitizing the provided path.\u003c/li\u003e\n\u003cli\u003eThe path traversal vulnerability allows the attacker to write arbitrary files to locations outside the intended directory.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the file write capability to place a malicious executable or library in a trusted location.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the execution of the malicious code, achieving arbitrary code execution on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as escalating privileges, installing malware, or disrupting industrial processes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-1002208 can lead to arbitrary code execution on systems running vulnerable ABB PCM600 versions within critical manufacturing environments. While no specific victim counts or sectors are detailed in the advisory, the vulnerability\u0026rsquo;s presence in industrial control systems poses a significant risk. A successful attack could disrupt manufacturing processes, cause equipment damage, or lead to data breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to ABB Protection and control IED manager PCM600 version 2.14 to address CVE-2018-1002208 as per the vendor\u0026rsquo;s recommendation.\u003c/li\u003e\n\u003cli\u003eIf using RE_630 protection relays with older PCM600 versions, implement system-level defenses as described in ABB\u0026rsquo;s security advisory 2NGA002813.\u003c/li\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and systems, ensuring they are not accessible from the internet, as recommended by CISA.\u003c/li\u003e\n\u003cli\u003eMonitor file creation events for suspicious file paths that may indicate path traversal attempts exploiting CVE-2018-1002208, using a rule similar to the example provided.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T12:00:00Z","date_published":"2026-04-30T12:00:00Z","id":"/briefs/2026-04-abb-pcm600-path-traversal/","summary":"A path traversal vulnerability in ABB PCM600 versions 1.5 to 2.13 (CVE-2018-1002208) allows a local attacker with low privileges to execute arbitrary code by sending a specially crafted message to the system node.","title":"ABB PCM600 Path Traversal Vulnerability (CVE-2018-1002208)","url":"https://feed.craftedsignal.io/briefs/2026-04-abb-pcm600-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — ABB PCM600","version":"https://jsonfeed.org/version/1.1"}