ABB team from security advisor, has found multiple vulnerabilities in Freelance Controller.
The following table is affected products:
Freelance major version Freelance controllers CVE-2023-0425 CVE-2023-0426
V9.2 SP2 and prior DCP
AC 700F Yes Yes
AC 800F
Freelance 2013 DCP
Freelance 2013 SP1
Freelance 2016 AC 700F Yes Yes
Freelance 2016 SP1
Freelance 2019 AC 800F
Freelance 2019 SP1
Freelance 2019 SP1 FP1 AC 900F Yes Yes
ABB is aware of vulnerabilities in the product versions listed above. An update is available that resolves
the reported vulnerabilities in the product versions under maintenance.
An attacker who successfully exploited one or more of these vulnerabilities could cause the product to
stop or make the product inaccessible.
General security recommendation is coming from ABB Security team:
Control systems and the control network are exposed to cyber threats. In order to minimize these risks,
the protective measures and best practices listed below are available in addition to other measures. ABB
strongly recommends system integrator and asset owners to implement the measures they consider
appropriate for their control system environment:
– Place control systems in a dedicated control network containing control systems only.
– Locate control networks and systems behind firewalls and separate them from any other networks
like business networks and the Internet.
– Block any inbound Internet traffic destined for the control networks/systems. Place remote access
systems used for remote control system access outside the control network.
– Use trusted, patched software and malware protection solutions. Interact with trusted web sites and
trusted email attachments only.
– Ensure all Freelance products are always up to date in terms of installed software, operating system
and firmware patches as well as anti-virus and firewall.
– Protect control systems from physical access by unauthorized personnel e.g. by placing them in
locked switch cabinets.