PatchSiren cyber security CVE debrief
CVE-2025-10205 ABB CVE debrief
CVE-2025-10205 affects ABB FLXeon controllers and their released software, where password hashes are stored using MD5 with low-entropy salt on unencrypted partitions. That design increases the risk that credentials can be recovered or misused if a device, storage medium, or exposed management path is accessed. CISA published the advisory on 2025-11-06 and rated the issue HIGH (CVSS 8.8) in the supplied record. No KEV entry or known ransomware campaign use is listed in the provided corpus.
- Vendor: ABB
- Product: FBXi-8R8-X96 (2CQG201028R1011)
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-06
- Original CVE updated: 2025-11-06
- Advisory published: 2025-11-06
- Advisory updated: 2025-11-06
Who should care
OT/ICS operators, plant engineers, ABB FLXeon administrators, and security teams responsible for industrial control environments should prioritize this advisory, especially where FLXeon devices are internet-exposed, remotely administered, or physically accessible to untrusted personnel.
Technical summary
The advisory describes insecure credential storage in ABB FLXeon systems: password hashes use MD5, the salt has low entropy, and the data resides on unencrypted partitions. The CVSS vector in the supplied advisory is AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating serious impact once an attacker has adjacent access or can otherwise reach the affected environment. The issue is centered on weak secret handling and storage protection rather than a remote code execution flaw.
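Added example, not ABB's code or on-disk format: the storage pattern the advisory names (MD5 over a short salt) beside a hardened form using scrypt with a 16-byte random salt, plus an audit over a constructed credential store. The record layout, field names, finding labels and scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed record layout for illustration; the advisory does not describe
# the FLXeon on-disk credential format.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1}  # about 16 MiB of memory per guess
MIN_SALT_BYTES = 16


def weak_record(user: str, password: str, salt: bytes) -> dict:
    """The pattern the advisory names: one fast MD5 pass over a short salt."""
    digest = hashlib.md5(salt + password.encode()).digest()
    return {"user": user, "alg": "md5", "salt": salt, "hash": digest}


def strong_record(user: str, password: str) -> dict:
    """Memory-hard KDF with a per-account salt drawn from the OS CSPRNG."""
    salt = os.urandom(MIN_SALT_BYTES)
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT_PARAMS)
    return {"user": user, "alg": "scrypt", "salt": salt, "hash": digest}


def verify(password: str, rec: dict) -> bool:
    """Accept only scrypt records; legacy MD5 records must be reset, not trusted."""
    if rec["alg"] != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode(), salt=rec["salt"],
                               dklen=len(rec["hash"]), **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, rec["hash"])  # constant-time compare


def audit(records: list) -> dict:
    """Map each user to findings: fast hash, short salt, salt shared across accounts."""
    salt_counts = Counter(r["salt"] for r in records)
    report = {}
    for r in records:
        findings = []
        if r["alg"] in ("md5", "sha1"):
            findings.append("fast-hash")
        if len(r["salt"]) < MIN_SALT_BYTES:
            findings.append("short-salt")
        if salt_counts[r["salt"]] > 1:
            findings.append("reused-salt")
        report[r["user"]] = findings
    return report
```

Neither form addresses the third condition in the advisory, storage on unencrypted partitions, which is a platform control rather than a hashing choice.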
Defensive priority
High priority, and urgent for any FLXeon deployment that is directly exposed to the internet, reachable through forwarded ports, or installed in environments lacking strong physical access controls. The strongest risk-reduction actions are firmware updates, removal of unnecessary exposure, and secure handling of remote access.
Recommended defensive actions
- Upgrade all FLXeon products to the latest firmware version available from ABB.
- Stop and disconnect any FLXeon products that are exposed directly to the internet, including exposure through NAT port forwarding.
- Enforce physical access controls so unauthorized personnel cannot access devices, peripherals, or connected networks.
- If remote access is required, use only secure methods and keep any VPN solution updated and securely configured.
- Review ABB Cybersecurity Advisory 9AKK108471A7121 for the product-specific mitigation mapping referenced in the source advisory.
- Apply CISA ICS recommended practices and defense-in-depth controls appropriate for industrial environments.
Evidence notes
Source evidence comes from the CISA CSAF advisory ICSA-25-310-03 for CVE-2025-10205, published and modified on 2025-11-06T07:00:00Z. The supplied record names ABB as the vendor, lists multiple FLXeon product variants, and states that password hashes are stored with vulnerable MD5, low-entropy salt, and on unencrypted partitions. The provided enrichment shows no KEV entry and no known ransomware campaign use.
Official resources
- CVE-2025-10205 CVE record (CVE.org)
- CVE-2025-10205 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory context: CISA initially published ICSA-25-310-03 on 2025-11-06T07:00:00Z. No KEV date is present in the supplied corpus, and no known ransomware campaign use is indicated.