CISA Warns of Remote Reboot Vulnerability in ABB Ability™ Zenon
CISA has published an advisory for CVE-2025-8754, a high-severity missing authentication vulnerability in ABB Ability™ zenon that allows unauthenticated attackers on the local network to remotely reboot affected systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an ICS advisory regarding CVE-2025-8754, a missing authentication vulnerability in ABB Ability™ zenon. The flaw resides in the Remote Transport Service of the zenon software platform, specifically within the zensyssrv.exe service, where the Reboot OS function lacks proper authentication checks.
An unauthenticated attacker who has already gained access to the local network can exploit this vulnerability to remotely initiate a system reboot without authorization. The vulnerability carries a CVSS v3.1 base score of 7.5, rated HIGH, with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating no confidentiality or integrity impact but high availability impact.
The affected product versions include ABB Ability™ zenon versions 7.50 through 14. In the default configuration, the zensyssrv.exe service is set to start automatically. While the Remote Transport Service requires users to configure a password beforehand, attackers can bypass the authentication mechanism entirely.
At the time of writing, CISA reports no evidence of active exploitation of CVE-2025-8754 in the wild. However, given the CVSS score and the potential for disruption in industrial control system environments, the agency urges immediate mitigation measures.
ABB has provided a workaround rather than a patch: restrict network access to systems running the zenon software platform and disable or stop the zensyssrv.exe service when the Remote Transport functionality is not in use. Organizations are also advised to use firewalls and VPNs for remote access, and to isolate control system networks from business networks.
The vulnerability affects multiple critical infrastructure sectors globally, including Chemical, Communications, Critical Manufacturing, Dams, Energy, Healthcare and Public Health, Information Technology, and Water and Wastewater systems. ABB, headquartered in Switzerland, reported the vulnerability to CISA under coordinated disclosure.
This advisory arrives amid a broader trend of CISA issuing warnings for ICS vulnerabilities affecting ABB products. Earlier advisories this year covered buffer overflow flaws in ABB Terra AC Wallbox and session hijack plus cross-site scripting vulnerabilities in ABB B&R Automation Runtime, underscoring ongoing risks to industrial automation platforms.