ABB Advant Master Online Builder Vulnerable to Code Execution
A vulnerability in ABB's Advant Master Online Builder could allow unauthorized code execution due to an improperly handled search path for DLL loading.

ABB has disclosed a critical vulnerability affecting its Advant Master Online Builder software, specifically within versions of Control Builder A and 800xA for Advant Master. The flaw, identified as CVE-2025-13162, stems from an incorrect version of Online Builder being included in the product media. This oversight creates a security weakness where the application improperly handles the search path for loading Dynamic Link Libraries (DLLs).
An attacker who gains the necessary access to an affected system could exploit this vulnerability by placing malicious DLL files in untrusted directories. The software's insecure search path mechanism would then load these unauthorized libraries, leading to the execution of arbitrary code. This could result in a complete compromise of system integrity and unauthorized control over industrial processes.
The vulnerability impacts ABB Control Builder A versions up to and including 1.4/4. For the 800xA for Advant Master platform, affected versions include 6.0.3-1, 6.1.1-1, 6.1.1-3, and 6.2.0-1. The Common Vulnerability Scoring System (CVSS) v3.1 base score for this vulnerability is 4.4, categorizing it as Medium severity. While remote exploitation is not possible, an attacker with local access or necessary privileges can leverage this flaw.
ABB has released updated versions to address the vulnerability. Customers using Control Builder A are advised to update to version 1.4/5 or later. For 800xA for Advant Master, users should update to version 6.1.1-5 or later, or version 6.2.0-3 or later, depending on their current installation. ABB noted that certain intermediate versions were released and subsequently withdrawn due to issues with the included Online Builder component, emphasizing the importance of applying the correct, patched versions.
As a mitigation strategy, ABB stresses the importance of robust access control and user management. Organizations should ensure only authorized personnel access the system, enforce strong password policies, and restrict the use of removable media. Disabling or carefully managing ports for removable data carriers on physically accessible systems is also recommended.
The vulnerability is categorized under CWE-427, Uncontrolled Search Path Element, highlighting the insecure handling of library loading paths. While the CVSS score is medium, the potential impact on critical manufacturing infrastructure, where these systems are deployed worldwide, underscores the significance of timely patching and adherence to security best practices.
ABB reported the vulnerability to CISA, which subsequently issued an advisory to inform operators of industrial control systems. The advisory urges customers to apply the available updates promptly to protect their systems from potential compromise. The company also provided guidance on specific version numbers that do and do not contain the vulnerability, aiming to prevent confusion during the update process.
This incident serves as a reminder of the ongoing security challenges within the Industrial Internet of Things (IIoT) and operational technology (OT) environments. Securely managing software components, particularly those included in complex industrial platforms, is crucial to prevent vulnerabilities that could lead to significant operational disruptions or safety incidents.