PatchSiren cyber security CVE debrief
CVE-2025-10571 ABB CVE debrief
CVE-2025-10571 is a critical authentication bypass issue in the ABB Ability Edgenius Management Portal. According to the advisory, an attacker with access to the network where Edgenius is deployed may, while the portal is running, send a specially crafted message to the system node to bypass authentication. The reported impact is severe: the attacker may be able to install and run arbitrary code, uninstall installed applications, and modify application configuration. ABB's remediation is to upgrade to the fixed release, 3.2.2.0, or temporarily disable the Edgenius Management Portal until the upgrade is applied.
- Vendor: ABB
- Product: Ability Edgenius
- CVSS: CRITICAL 9.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-20
- Original CVE updated: 2026-04-30
- Advisory published: 2025-11-20
- Advisory updated: 2026-04-30
Who should care
OT/ICS teams using ABB Ability Edgenius, especially administrators responsible for the Management Portal; network defenders for industrial environments; and incident response teams supporting ABB deployments. This is most relevant where the portal is reachable from internal networks or where segmentation is weak.
Technical summary
The advisory describes an authentication-bypass vulnerability in the Edgenius Management Portal. The attack requires network access to the deployed Edgenius environment, and the portal must be running. A specially crafted message to the system node can bypass authentication, leading to high-impact consequences including arbitrary code execution, application uninstall, and configuration modification. The provided CVSS vector is AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, consistent with the CRITICAL 9.6 rating for an issue in an OT-facing management component.
Defensive priority
Urgent. Treat as a critical patch-and-contain issue: upgrade to ABB Ability Edgenius 3.2.2.0 as soon as possible, and disable the Management Portal if immediate upgrading is not feasible.
Recommended defensive actions
- Upgrade ABB Ability Edgenius to version 3.2.2.0, which ABB identifies as the fixed release.
- If you cannot upgrade immediately, disable the Edgenius Management Portal as a temporary mitigation.
- Restrict network access to Edgenius and verify only trusted management paths can reach the portal.
- Review OT segmentation and ensure the portal is not exposed beyond the minimum required management scope.
- Apply general ICS hardening and monitoring guidance from CISA and ABB to reduce the chance of unauthorized access.
- Check for unexpected application installs, configuration changes, or other signs of portal abuse in Edgenius environments.
Evidence notes
The source corpus is a CISA-republished ABB PSIRT advisory for ICSA-26-120-03, published 2025-11-20 and modified 2026-04-30. The advisory states that the vulnerability allows authentication bypass and may enable arbitrary code execution, application uninstall, and configuration modification. It also states that exploitation requires network access to the deployed environment and that ABB’s fix is included in version 3.2.2.0. The item is not listed as a KEV entry in the supplied data.
Official resources
- CVE-2025-10571 CVE record (CVE.org)
- CVE-2025-10571 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CVE published 2025-11-20; CISA republication and source modification were recorded on 2026-04-30. No KEV date was supplied in the source corpus.