ABB recommends the following workarounds. Although these workarounds will not correct the underlying vulnerability, they block the known attack vectors. • For CVE-2023-3322, Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed. Remove the default directory permissions for ‘Everyone’ on the service grid, ABB utilities, and zenon_Projects directories and provide access only to specific users that are expected to access zenon. Install the IIoT services, which is, the Service grid component on a separate system. Secure the ZEE600 related executable files in ‘C:\ProgramData\ABB\ABBUtilities’ directory by removing the group named “Everyone”. Ensure the group name “Everyone” should be removed from the following directory. ‘C:\ProgramData\ABB’. Secure zenon_Projects directory by managing the access permissions. The project directory should have access only for the user group (Excluding administrator) which has the users to use zenon projects. Consider the following example: Example: A user group named ‘zenonOwnersGroup’ to be created and it is the only group that has write access to the zenon_ Projects directory. If the system has 2 users such as test1(Part of zenonOwnersGroup ) and test2 (not in zenonOwnersGroup ). The project directory (C:\Users\Public\Documents\zenon_Projects) should have write access only for the zenonOwnersGroup and for no one else. Now, test1 should have write access the zenon_Project directory and test2 should not.