VYPR
Advisory · Published May 2, 2026 · Updated May 17, 2026 · 6 sources

ABB Issues Critical Security Advisories for Industrial Control and Management Systems

ABB has issued a series of urgent security advisories addressing critical vulnerabilities across its industrial product portfolio, including flaws that could allow for unauthorized remote code execution and denial-of-service attacks.

ABB has released a series of critical security advisories addressing multiple vulnerabilities across its industrial control and management product lines, including flaws that could allow unauthenticated remote code execution and system disruption. These vulnerabilities impact a wide range of critical infrastructure sectors, including energy, water, manufacturing, and chemical industries worldwide (CISA).

The most severe of these issues, CVE-2025-10571, carries a critical CVSS score of 9.6 and affects the ABB Edgenius Management Portal (versions 3.2.0.0 and 3.2.1.1). An attacker can bypass authentication by sending a specially crafted message to the system node, granting them the ability to install or uninstall applications, execute arbitrary code, and modify system configurations (CISA). ABB recommends upgrading to version 3.2.2.0 or disabling the portal entirely as an immediate mitigation (CISA).

Other significant vulnerabilities include flaws in ABB Ability Symphony Plus Engineering, which are rooted in outdated PostgreSQL versions (13.11 and earlier). These vulnerabilities, such as CVE-2023-5869 and CVE-2023-39417, allow authenticated users to trigger integer overflows or exploit SQL injection flaws to execute arbitrary code (CISA). Users are urged to upgrade to S+ Engineering 2.4 SP2 RU1 (CISA). Additionally, ABB AWIN Gateways are susceptible to authentication bypass and remote reboot attacks (CVE-2025-13777 and CVE-2025-13778), with fixes available in firmware version 2.1-0 for GW100 rev. 2 and 2.0-0 for GW120 (CISA).

Operational disruptions are also a concern. A vulnerability in the IEC 61850 communication stack (CVE-2025-3756) allows attackers to force specific modules (including PM 877, CI850, and CI868) into a fault mode or crash the S+ Operations connectivity driver, resulting in a denial-of-service condition (CISA). Furthermore, ABB PCM600 (versions 1.5 through 2.13) contains a path traversal vulnerability (CVE-2018-1002208) in its SharpZip.dll component, which could lead to arbitrary code execution (CISA).

ABB Ability OPTIMAX installations using Azure Active Directory Single Sign-On are also affected by an authentication bypass flaw (CVE-2025-14510), which has been addressed in version 6.3.1-251120 (CISA). For all affected products, ABB emphasizes the importance of reviewing installations and applying the provided patches or workarounds at the earliest convenience (CISA).

These disclosures highlight the ongoing challenge of securing complex, interconnected industrial environments. The breadth of these vulnerabilities, ranging from legacy component flaws to modern authentication bypasses, underscores the necessity for rigorous patch management and the implementation of defense-in-depth strategies, such as network segmentation and restricting internet exposure for critical control systems (CISA). Organizations are encouraged to consult the specific ABB PSIRT advisories for detailed remediation steps.

Synthesized by Vypr AI