Vulnerability in ABB LVS MConfig Allows Access to Passwords Stored in Application Memory

ABB has informed users about an internal discovery of a vulnerability affecting versions up to 1.4.9.21 inclusive of its MConfig software. Exploitation of this issue can lead to leakage of sensitive data such as application credentials stored in device memory.

Details of the Vulnerability

The problem lies in how during operation, the user's password is stored unencrypted in RAM while using MConfig. This means anyone who gains physical or network access to the device could create a system memory dump and extract saved passwords from it. Such attacks are possible even without privileged system access since exploiting requires only command execution capabilities on the device.

This issue is classified under CWE-316, falling into the category “Storing Sensitive Information in Cleartext”.

How Does It Impact Your Business?

If your organization utilizes ABB’s LVS MConfig software for industrial automation management, then this security flaw poses significant risks. Loss of control over employee or system account details may result in:

• Leakage of confidential production-related information;
• Disruption of continuous manufacturing processes;
• Potential violations of regulatory requirements and information security standards.

It is particularly important for organizations operating in these critical infrastructure sectors to consider this threat:

• Chemical industry;
• Food & agriculture;
• Transportation systems;
• Water supply and sanitation services.

What Should Users Do?

To minimize risks, we recommend taking the following steps:

• Update MConfig software to the latest available version (version ≥ 1.4.9.22);
• Restrict both physical and logical access by unauthorized individuals to devices running MConfig;
• Regularly audit user permissions and monitor security events;
• Implement additional protective measures like traffic encryption between devices and usage of VPN networks.

Additionally, ABB advises reviewing the product documentation's "Mitigating Factors" section for further guidance on protecting against similar threats.

Additional Protective Measures

Besides updating the software, several other actions can reduce attack success probability:

• Enabling multi-factor authentication (MFA) for all administrative accounts and key roles;
• Periodically changing passwords and ensuring they contain complex character combinations;
• Configuring firewall rules to limit access to ports/services necessary for MConfig functionality;
• Deploying anomaly detection tools for monitoring unusual behavior across networks and devices.

These precautions will help lower the likelihood of successful exploitation and enhance overall organizational security levels.

Checking Using Perimeter Platform

Perimeter offers various methods to verify whether this threat exists within company infrastructure:

• Use OSINT tooling to ensure public exposure hasn’t occurred due to compromise;
• Perform port/service scans via Network Scan module to identify potential entry points for attackers;
• Run regular Express Audits to detect emerging vulnerabilities and risks promptly.