ABB has announced on March 27, 2023 that the Remote Control Command is a vulnerable part, after tests carried out by the security team at ABB. According to the same announcement, it is known that the affected products are all versions of RCCMD before 4.40 230207.Attackers who can successfully use this exploit can, which has RCCMD installed, gain access to your computer easily, threatening your personal data. Attackers can gain access easily by using the software’s default username and password.
What product is affected?
The RCCMD (Remote Control Command) is a software solution. It must be able to distinguish between a
real server and a virtual machine whose content appears within the IT infrastructure as a real server and take into account the inevitable dependencies. The main use case is where flexible software solutions for emergency shutdowns are needed. RCCMD runs platform-independent and can connect physical machines to fully virtualized environments to ensure a structured shutdown.
RCCMD can be flexibly adapted to almost any scenario, if for example:
extensibility and platform-independent flexibility are required
Special shutdown routines in micromanagement are required
Highly networked systems need to migrate to other data centers
Individual script solutions are required in heterogeneous systems
Mutual dependencies require exact time management
RCCMD starts individual scripts, can pass control commands and information to other RCCMD clients,
send feedback, shut down systems, trigger migrations, control and stop server processes, detect redundancies, start tools and pass parameters and much more. The RCCMD Software Client is a system solution that runs transparently in the background after installation and only becomes active when a valid sender sends a personalized control signal.
General security recommendations
- For any installation of software-related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:
- Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and
separate them from any general purpose network (e.g. office or home networks). - Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.
- Never connect programming software or computers containing programing software to any net-work
- Scan all data imported into your environment before use to detect potential malware infections.
- Minimize network exposure for all applications and endpoints to ensure that they are not accessible
- Ensure all nodes are always up to date in terms of installed software, operating system and firmware
patches as well as anti-virus and firewall.
ABB says:”Thanks Pablo Valle Alvear from Titanium Industrial Security for finding the vulnerability and protecting our customers.
A software update is available that resolves a privately reported vulnerability in the product versions listed above. The version number of the update is 4.40 230207.