PatchSiren

CVE-2025-3756 ABB CVE debrief

CVE-2025-3756 is a network-accessible denial-of-service issue in the IEC 61850 communication stack used by several ABB industrial control products. ABB says an attacker with access to IEC 61850 networks can send a specially crafted packet that may force PM 877, CI850, or CI868 communication interfaces into fault mode, or make S+ Operations 61850 connectivity unavailable. The advisory also states that the overall S+ Operations node remains available and that System 800xA IEC61850 Connect is not affected.

Vendor: ABB
Product: AC800M Product line (System 800xA)
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-13
Original CVE updated: 2026-04-30
Advisory published: 2026-04-13
Advisory updated: 2026-04-30

Who should care

OT/ICS operators, control engineers, and asset owners running ABB AC800M/System 800xA, Symphony Plus SD Series, Symphony Plus MR (Melody Rack), or S+ Operations environments that use IEC 61850 connectivity.

Technical summary

The advisory describes a flaw in command handling within the IEC 61850 communication stack. Exploitation requires access to the IEC 61850 network path and a specially crafted 61850 packet. The practical impact is denial of service at the communications layer: affected PM 877, CI850, and CI868 interfaces can enter fault mode, and S+ Operations 61850 connectivity can become unavailable. The source corpus says this does not affect the full availability or functionality of the S+ Operations node itself, only the 61850 communication function. ABB’s guidance indicates no workaround is available and recommends fixing affected firmware versions through the listed updates.

Defensive priority

Medium overall; elevate to high priority if IEC 61850 traffic is reachable from shared, weakly segmented, or otherwise less-trusted networks.

Recommended defensive actions

  • Verify whether any affected ABB AC800M/System 800xA CI868, Symphony Plus SD CI850, Symphony Plus MR PM 877, or S+ Operations IEC 61850 firmware versions are present in your environment.
  • Apply the vendor-provided fixed versions as soon as operationally feasible: S+ Operations 3.4 or later, PM 877 3.53 or later, CI850 C_0 or later, and CI868 7.0 or later or the later 6.1.1-3 track when available.
  • Do not expose IEC 61850 or process-control networks directly to the Internet; keep them isolated from untrusted networks.
  • Use perimeter firewalls and allow-listing to permit only legitimate client communications to IEC 61850 services.
  • Review segmentation and remote-access paths to confirm that only authorized hosts can reach affected communication interfaces.
  • Treat 61850 communication loss or fault-mode transitions as a monitoring signal and verify alerting for interface failures or unexpected connectivity loss.
  • Since no workaround is available, use compensating controls and vendor updates rather than relying on configuration-only mitigation.
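
The allow-listing and segmentation review recommended above can be checked against firewall flow logs. The following is an added example, not taken from the ABB advisory or its CISA republication: the interface addresses, allow-list, and log format are constructed, and it assumes IEC 61850 MMS client traffic on TCP port 102.

```python
import csv
import io
from ipaddress import ip_address, ip_network

MMS_PORT = 102  # assumption: IEC 61850 MMS over ISO-TSAP, TCP/102

# Constructed inventory of affected communication interfaces (hypothetical addresses).
INTERFACES = {
    "10.20.1.10": "CI868",
    "10.20.1.11": "CI850",
    "10.20.1.12": "PM 877",
}
# Constructed allow-list of networks/hosts permitted to act as IEC 61850 clients.
ALLOWED_CLIENTS = [ip_network("10.20.1.0/28"), ip_network("10.20.5.21/32")]

# Constructed flow-log sample: src,dst,proto,dport,action
SAMPLE_FLOWS = """\
src,dst,proto,dport,action
10.20.5.21,10.20.1.10,tcp,102,accept
10.30.7.44,10.20.1.10,tcp,102,accept
10.30.7.44,10.20.1.11,tcp,102,drop
10.20.1.5,10.20.1.12,tcp,102,accept
192.0.2.9,10.20.1.12,tcp,102,accept
10.30.7.44,10.20.1.10,tcp,443,accept
"""

def is_allowed(src):
    """True if the source address falls inside any allow-listed network."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWED_CLIENTS)

def audit(flow_csv):
    """Return MMS flows to inventoried interfaces from non-allow-listed sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] != "tcp" or int(row["dport"]) != MMS_PORT:
            continue  # only IEC 61850 MMS traffic is in scope
        device = INTERFACES.get(row["dst"])
        if device is None or is_allowed(row["src"]):
            continue  # not an affected interface, or an authorized client
        # accept = segmentation gap; drop = control held, source still worth reviewing
        severity = "GAP" if row["action"] == "accept" else "BLOCKED"
        findings.append((severity, row["src"], row["dst"], device))
    return findings

if __name__ == "__main__":
    for sev, src, dst, dev in audit(SAMPLE_FLOWS):
        print(f"{sev:8} {src} -> {dst} ({dev}) tcp/{MMS_PORT}")
```

A GAP finding means a host outside the allow-list reached an affected interface on the MMS port; BLOCKED means the firewall dropped the attempt.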

Evidence notes

This debrief is based on the supplied CISA CSAF republishing of ABB PSIRT advisory 7PAA020125. The corpus states the issue was published on 2026-04-13 and modified on 2026-04-30. It also states that exploitation requires access to IEC 61850 networks, that the impact is limited to 61850 communications rather than full node availability, that System 800xA IEC61850 Connect is not affected, and that no workaround is available. The supplied vendor confidence is low and the version matrix is complex, so version-specific validation against the official ABB advisory is recommended.

Official resources

Published in the supplied corpus on 2026-04-13 and updated on 2026-04-30. The corpus shows a CISA republication of ABB PSIRT advisory 7PAA020125. No KEV entry is provided in the supplied data.