ABB Ability Symphony Plus
ABB reports that their Ability Symphony Plus products are vulnerable to improper authentication, which could allow an unauthorized client to connect to the S+ Operations servers (human machine interface (HMI) network) and act as a legitimate S+ Operations client. ABB recommends users follow their recommended approach of designing and deploying a secure network for industrial use, ICS Cyber Security Reference Architecture Guide, 8VZZ000368D0066—S+ Operations is not intended to be directly connected to the internet, and enable host authentication and data integrity via IPsec. Updates for the affected products are planned for release within Q4 2023. CVEs: CVE-2023-0228 [View Article](https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-03)