These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-3756 is a network-accessible denial-of-service issue in the IEC 61850 communication stack used by several ABB industrial control products. ABB says an attacker with access to IEC 61850 networks can send a specially crafted packet that may force PM 877, CI850, or CI868 communication interfaces into fault mode, or make S+ Operations 61850 connectivity unavailable. The advisory also states that the [truncated]
CVE-2024-7348 is a high-severity ABB Ability Symphony Plus S+ Engineering issue that can let an attacker leverage a PostgreSQL utility to execute arbitrary SQL functions. The advisory says affected installations should be upgraded to S+ Engineering 2.4 SP2 RU1 or later, and notes there are no workarounds.
CVE-2024-0985 is a high-severity issue in ABB Ability Symphony Plus S+ Engineering where an attacker can supply untrusted materialized views and then rely on a high-privileged authorized user to refresh them, resulting in arbitrary SQL functions being executed. ABB and CISA describe this as requiring access to the site’s S+ client/server network and user interaction by a privileged account. The advisory r [truncated]
CVE-2023-5869 affects ABB Ability Symphony Plus S+ Engineering and is rated high severity (CVSS 8.8). According to the advisory, an authenticated PostgreSQL user can provide crafted data that triggers an integer overflow caused by a missing overflow check, which can enable arbitrary code execution. ABB’s guidance is to upgrade impacted systems to S+ Engineering 2.4 SP2 RU1 or later, and to use network seg [truncated]
CVE-2023-39417 affects ABB Ability Symphony Plus S+ Engineering. According to the advisory republished by CISA from ABB PSIRT, if an administrator has installed Extension scripts and specific data is used inside a quoting construct, an attacker with proper PostgreSQL privileges may be able to execute arbitrary code on the system as the administrator. ABB’s recommended fix is to upgrade impacted systems to [truncated]
CVE-2025-13779 is a high-severity information-disclosure issue in ABB AWIN gateways. According to the advisory corpus, an unauthenticated query can reveal system configuration and other sensitive details. The issue was publicly disclosed on 2026-03-13 and later republished by CISA on 2026-04-30. ABB lists fixed firmware versions for the affected gateway lines and recommends upgrading as soon as possible, [truncated]
CVE-2025-13778 affects ABB AWIN GW100 rev. 2 and GW120 firmware. According to the advisory, an unauthenticated query can reboot the device and cause denial of service. CISA’s CSAF advisory rates the issue 6.5 MEDIUM and recommends removing direct Internet exposure, using secure remote access, and upgrading to the fixed firmware versions.
CVE-2025-13777 is a high-severity ABB AWIN gateway issue in which an unauthenticated query can reveal data because of improper session validation. CISA’s advisory was first published on 2026-03-13 and was republished on 2026-04-30 with ABB PSIRT materials; affected products include AWIN GW100 rev. 2 and AWIN GW120 firmware lines listed in the advisory. ABB states the issue is corrected in GW100 rev. 2 v2.1-0 [truncated]
CVE-2025-15467 is a critical memory-safety flaw in ABB AC500 V3 PM5xxx firmware handling CMS (Auth)EnvelopedData. ABB and CISA state that malformed AEAD parameters can trigger a stack-based out-of-bounds write before authentication or tag verification, and ABB’s fix is firmware 3.9.0 HF1. Because no workaround is available, affected operators should treat this as an immediate patch item.
CVE-2025-41691 is a high-severity denial-of-service issue in the ABB AC500 V3 runtime system's CmpDevice component. According to the advisory, unauthenticated attackers can send specially crafted communication requests that trigger a NULL pointer dereference and disrupt availability. The same issue is also described as affecting systems when outdated clients attempt to log in. ABB states the issue is corr [truncated]
CVE-2024-41975 describes a default-exposure issue in the ABB Automation Builder Gateway for Windows. The gateway listens on all network adapters on TCP port 1217, which can allow remote access in environments where only local access is intended; while user management on the PLCs helps prevent direct access, the advisory notes that unauthenticated attackers may still search for PLCs and map restricted networks.
CVE-2026-0936 is a medium-severity information disclosure issue affecting ABB B&R PVI client versions prior to 6.5.0. According to the advisory, an authenticated local attacker could abuse client-side logging to gather credential information processed by the PVI client. Logging is disabled by default and must be explicitly enabled, which reduces exposure but does not eliminate risk where troubleshooting o [truncated]
CVE-2025-11044 is a network-reachable denial-of-service issue in ABB B&R Automation Runtime’s ANSL-Server component. According to the advisory, an unauthenticated attacker can win a race condition and leave affected devices in a permanent DoS state, making this most important for exposed OT systems that cannot tolerate downtime.
CVE-2025-11043 is a high-severity certificate validation weakness in ABB B&R Automation Studio versions before 6.5. According to the CISA-republished advisory, the issue affects the OPC-UA client and the ANSL over TLS client and could let an unauthenticated attacker on the network intercept and interfere with data exchanges. ABB’s fix is available in Automation Studio 6.5, and the vendor advises deploying [truncated]
ABB Ability OPTIMAX installations that use Azure Active Directory Single-Sign On are affected by an authentication bypass. CISA published the advisory on 2026-01-16 and republished ABB PSIRT material on 2026-04-30; the vendor states the issue is fixed in 6.3.1-251120 and 6.4.1-251120 or later.
CVE-2025-4677 is a medium-severity availability issue in ABB WebPro SNMP Card PowerValue. The advisory says idle session timeout is not configured on ports 23 and 502, allowing connections to accumulate until device resources are exhausted and service becomes unavailable.
CVE-2025-4676 is a high-severity authentication bypass affecting ABB WebPro SNMP Card PowerValue web HMI access. The advisory says the device validates only the first character of the session cookie and authentication token, which can let an attacker brute force those characters and bypass authentication.
CVE-2025-4675 is an availability issue in ABB WebPro SNMP Card PowerValue products where the Modbus slave implementation is incorrect. According to the advisory, port 502 can become unstable and the Modbus service may become unavailable until the device is manually rebooted. ABB identifies version 1.1.8.p as the corrected release and recommends defensive measures from the product documentation when upgrad [truncated]
CVE-2025-10571 is a critical authentication bypass issue in the ABB Ability Edgenius Management Portal. According to the advisory, an attacker with access to the network where Edgenius is deployed may, while the portal is running, send a specially crafted message to the system node to bypass authentication. The reported impact is severe: the attacker may be able to install and run arbitrary code, uni [truncated]
CVE-2018-1002208 describes a vulnerability in SharpZip.dll used by ABB Protection and Control IED Manager PCM600 versions 1.5 through 2.13. According to the advisory, a specially crafted message to the system node can lead to insertion and execution of arbitrary code. The issue is rated CVSS 4.4 (Medium) and is constrained by local access, high attack complexity, low privileges, and required user interaction.