PatchSiren cyber security CVE debrief

CVE-2025-3394 ABB CVE debrief

CVE-2025-3394 is a high-severity issue in ABB Automation Builder project handling. CISA says the product stores user management information in the project file; although password data is fully encrypted, a specially crafted project file can cause user management to be overruled. For organizations that exchange, store, or archive Automation Builder projects, this is primarily an integrity and access-control concern.

Vendor: ABB
Product: Automation Builder
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-13
Original CVE updated: 2025-05-13
Advisory published: 2025-05-13
Advisory updated: 2025-05-13

Who should care

ABB Automation Builder users and administrators, OT/ICS engineering teams, system integrators, and anyone who distributes, imports, or stores Automation Builder project files.

Technical summary

The CISA CSAF advisory for ABB Automation Builder (ICSA-25-133-04) describes a project-file tampering issue affecting ABB Automation Builder: vers:all/*. The source states that user management information is stored in the project file and that crafted contents may overrule user management, even though password data is encrypted. The advisory assigns the CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: a local attack vector, low attack complexity, low privileges required, no user interaction, and high confidentiality, integrity, and availability impact.

Defensive priority

High priority: protect Automation Builder project files from unauthorized modification and apply ABB’s recommended security settings.

Recommended defensive actions

  • In Automation Builder project settings, set Security to "Integrity" check.
  • In Automation Builder project settings, set Security to "Encryption."
  • Restrict write access to project files and only import project files from trusted sources.
  • Review internal handling of Automation Builder project files for unauthorized changes before deployment or transfer.
  • Follow CISA ICS recommended practices for hardening and defense in depth in OT environments.
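One way to support the write-access and unauthorized-change items above is a hash baseline over the project share, compared again before deployment or transfer. This is an added example, not code from ABB or CISA; the file extensions, file names, and helper names are assumptions, and the sample files are constructed placeholders.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Assumption: extensions used for project files and archives; adjust as needed.
PROJECT_EXTS = {".project", ".projectarchive"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def project_files(root):
    return [p for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in PROJECT_EXTS]

def snapshot(root):
    """Map relative path -> SHA-256. Store the result where engineers cannot write."""
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in project_files(root)}

def compare(baseline, current):
    """Files modified, added or missing relative to the approved baseline."""
    return {
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
        "added": sorted(current.keys() - baseline.keys()),
        "missing": sorted(baseline.keys() - current.keys()),
    }

def loosely_writable(root):
    """POSIX mode bits only: project files writable by group or others."""
    mask = stat.S_IWGRP | stat.S_IWOTH
    return [p.relative_to(root).as_posix() for p in project_files(root)
            if p.stat().st_mode & mask]

def demo():
    """Constructed sample: two placeholder files, one altered after the baseline."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "line1.project").write_bytes(b"constructed placeholder A")
        (root / "line2.project").write_bytes(b"constructed placeholder B")
        (root / "line1.project").chmod(0o640)
        (root / "line2.project").chmod(0o666)
        baseline = snapshot(root)
        (root / "line2.project").write_bytes(b"constructed placeholder B, edited")
        (root / "import.projectarchive").write_bytes(b"constructed archive")
        return compare(baseline, snapshot(root)), loosely_writable(root)
```

On Windows file shares the mode-bit check does not reflect NTFS ACLs, so review share and folder permissions separately there.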

Evidence notes

This debrief is based on the supplied CISA CSAF advisory JSON for ICSA-25-133-04, published and modified on 2025-05-13T06:00:00Z. The advisory identifies ABB as the vendor, Automation Builder as the affected product, and lists one affected product entry (ABB Automation Builder: vers:all/*). The remediation text in the source specifically recommends setting project Security to "Integrity" check or "Encryption." No KEV entry was supplied for this CVE.

Official resources

Publicly disclosed by CISA in advisory ICSA-25-133-04 on 2025-05-13T06:00:00Z as the initial publication.