CISA Warns of Authentication Bypass in ABB Freelance Security Lock Affecting Critical Manufacturing
CISA disclosed a medium-severity authentication bypass vulnerability in ABB Freelance Security Lock that could let local attackers access underlying OS functions via undocumented key combinations.
CISA published an advisory on June 23, 2026, warning of an authentication bypass vulnerability in ABB Freelance Security Lock, tracked as CVE-2025-7064. The flaw affects all supported versions of ABB Freelance — from Freelance 2013 up to Freelance 2024 — that have the Security Lock component enabled. With a CVSS v3.1 base score of 6.6, the vulnerability is classified as MEDIUM severity, but its potential impact on industrial control environments warrants close attention from critical manufacturing operators worldwide.
The root cause of the vulnerability lies in the way ABB Freelance Security Lock restricts access to the Windows operating system when the Freelance Operations environment is active. An attacker with local access to a workstation can bypass this lock using undocumented or special keyboard combinations available on modern keyboards. Once the OS is reachable, the attacker could manipulate Freelance user management and underlying OS functions, depending on system configuration and user permissions.
According to the advisory, the vulnerability was reported by researcher Gergely Regweld Szini. The affected product line covers a broad swath of industrial automation deployments: all versions of ABB Freelance Security Lock that ship with Freelance 2013 (and earlier), Freelance 2013 SP1, Freelance 2016, Freelance 2016 SP1, Freelance 2019, Freelance 2019 SP1, Freelance 2019 SP1 FP1, and Freelance 2024. CISA notes that ABB is headquartered in Switzerland and that the products are deployed worldwide in the Critical Manufacturing sector.
While the vulnerability does not enable remote exploitation — the attack vector is strictly local (AV:L) — the consequences on a compromised system could be significant. A successful attacker could gain high integrity access (I:H) to user management and system configurations, potentially altering control logic or exfiltrating proprietary process data. The advisory acknowledges "no known public exploitation specifically targeting this vulnerability," but the documented proof-of-concept technique (keyboard shortcuts) lowers the skill barrier significantly.
ABB has released a security advisory (ID: 7PAA020361) with mitigation guidance. The primary recommendation is to restrict physical and local access to Freelance workstations to authorized personnel only. CISA additionally advises users to minimize network exposure of control system devices, isolate control networks from business networks behind firewalls, and use VPNs for remote access. The agency further recommends implementing defense-in-depth strategies and reporting any suspicious activity.
This advisory is part of a growing pattern where seemingly low-severity local flaws in industrial control systems are increasingly scrutinized by CISA for their potential to serve as stepping stones in multi-stage attacks. The ABB Freelance product line is widely used in batch process control in chemical, pharmaceutical, and other continuous manufacturing environments, making persistent local access a credible risk rather than a theoretical one.
Operators should apply ABB's recommended mitigations immediately, audit physical access controls to engineering workstations, and monitor for unusual keyboard or user behavior that could indicate an attempt to exploit this bypass. While no active exploitation has been reported, the availability of the advisory and the simplicity of the attack vector make this a vulnerability that adversaries could easily integrate into their toolbox for targeted operations against manufacturing facilities.