PatchSiren

ABB CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM ABB CVE published 2026-06-23

CVE-2025-13162

CVE-2025-13162 is an Uncontrolled Search Path Element vulnerability affecting ABB Control Builder A and ABB 800xA for Advant Master. The issue exists in Control Builder A versions up to 1.4/4 and 800xA for Advant Master versions up to 6.0.3-1, 6.1.1-1, 6.1.1-3, and 6.2.0-1. This vulnerability has a CVSS score of 4.1, indicating a medium severity level. The CVE was published on June 23, 2026, and last modi [truncated]

MEDIUM ABB CVE published 2026-06-10

CVE-2025-7064

CVE-2025-7064 is a medium-severity authentication bypass vulnerability in ABB Freelance. The issue affects multiple versions of Freelance, including through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. The primary weakness is classified as CWE-305. The CVSS score for this vulnerability is 5.6, indicating a medium severity level.

MEDIUM ABB CVE published 2026-04-13

CVE-2025-3756

CVE-2025-3756 is a network-accessible denial-of-service issue in the IEC 61850 communication stack used by several ABB industrial control products. ABB says an attacker with access to IEC 61850 networks can send a specially crafted packet that may force PM 877, CI850, or CI868 communication interfaces into fault mode, or make S+ Operations 61850 connectivity unavailable. The advisory also states that the [truncated]

HIGH ABB CVE published 2026-04-13

CVE-2024-7348

CVE-2024-7348 is a high-severity ABB Ability Symphony Plus S+ Engineering issue that can let an attacker leverage a PostgreSQL utility to execute arbitrary SQL functions. The advisory says affected installations should be upgraded to S+ Engineering 2.4 SP2 RU1 or later, and notes there are no workarounds.

HIGH ABB CVE published 2026-04-13

CVE-2024-0985

CVE-2024-0985 is a high-severity issue in ABB Ability Symphony Plus S+ Engineering where an attacker can supply untrusted materialized views and then rely on a high-privileged authorized user to refresh them, resulting in arbitrary SQL functions being executed. ABB and CISA describe this as requiring access to the site’s S+ client/server network and user interaction by a privileged account. The advisory r [truncated]

HIGH ABB CVE published 2026-04-13

CVE-2023-5869

CVE-2023-5869 affects ABB Ability Symphony Plus S+ Engineering and is rated high severity (CVSS 8.8). According to the advisory, an authenticated PostgreSQL user can provide crafted data that triggers an integer overflow caused by a missing overflow check, which can enable arbitrary code execution. ABB’s guidance is to upgrade impacted systems to S+ Engineering 2.4 SP2 RU1 or later, and to use network seg [truncated]

HIGH ABB CVE published 2026-04-13

CVE-2023-39417

CVE-2023-39417 affects ABB Ability Symphony Plus S+ Engineering. According to the advisory republished by CISA from ABB PSIRT, if an administrator has installed Extension scripts and specific data is used inside a quoting construct, an attacker with proper PostgreSQL privileges may be able to execute arbitrary code on the system as the administrator. ABB’s recommended fix is to upgrade impacted systems to [truncated]

HIGH ABB CVE published 2026-03-13

CVE-2025-13779

CVE-2025-13779 is a high-severity information-disclosure issue in ABB AWIN gateways. According to the advisory corpus, an unauthenticated query can reveal system configuration and other sensitive details. The issue was publicly disclosed on 2026-03-13 and later republished by CISA on 2026-04-30. ABB lists fixed firmware versions for the affected gateway lines and recommends upgrading as soon as possible, [truncated]

MEDIUM ABB CVE published 2026-03-13

CVE-2025-13778

CVE-2025-13778 affects ABB AWIN GW100 rev. 2 and GW120 firmware. According to the advisory, an unauthenticated query can reboot the device and cause denial of service. CISA’s CSAF advisory rates the issue 6.5 MEDIUM and recommends removing direct Internet exposure, using secure remote access, and upgrading to the fixed firmware versions.

HIGH ABB CVE published 2026-03-13

CVE-2025-13777

CVE-2025-13777 is a high-severity ABB AWIN gateway issue in which an unauthenticated query can reveal data because of improper session validation. CISA’s advisory was first published on 2026-03-13 and was republished on 2026-04-30 with ABB PSIRT materials; affected products include AWIN GW100 rev. 2 and AWIN GW120 firmware lines listed in the advisory. ABB states the issue is corrected in GW100 rev. 2 v2.1-0 [truncated]

HIGH ABB CVE published 2026-02-24

CVE-2025-41691

CVE-2025-41691 is a high-severity denial-of-service issue in the ABB AC500 V3 runtime system's CmpDevice component. According to the advisory, unauthenticated attackers can send specially crafted communication requests that trigger a NULL pointer dereference and disrupt availability. The same issue is also described as affecting systems when outdated clients attempt to log in. ABB states the issue is corr [truncated]

MEDIUM ABB CVE published 2026-02-24

CVE-2024-41975

CVE-2024-41975 describes a default-exposure issue in the ABB Automation Builder Gateway for Windows. The gateway listens on all network adapters on TCP port 1217, which can allow remote access in environments where only local access is intended; while user management on the PLCs helps prevent direct access, the advisory notes that unauthenticated attackers may still search for PLCs and map restricted networks.

HIGH ABB CVE published 2026-02-18

CVE-2018-20505

CVE-2018-20505 is a high-severity vulnerability in SQLite 3.25.2 that can be exploited by remote attackers to cause a denial of service (application crash). The crash occurs when queries are run on a table with a malformed PRIMARY KEY, and attackers trigger it by leveraging the ability to run arbitrary SQL statements. This vulnerability is particularly relevant in certain WebSQL use cases. The vulnerabili [truncated]

CRITICAL ABB CVE published 2026-02-18

CVE-2017-10989

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. This vulnerability has a CVSS score of 9.8 and is considered critical. The issue was initially reported in 2017 and has been recently republished by CISA. ABB B&R [truncated]

MEDIUM ABB CVE published 2026-02-18

CVE-2016-6153

CVE-2016-6153 is a memory corruption vulnerability in SQLite versions before 3.50.2. The vulnerability occurs when the number of aggregate terms exceeds the number of columns available, leading to a potential memory corruption issue. This vulnerability has a CVSS score of 5.9 and a severity of MEDIUM. The CVE was published on 2026-02-18T00:30:00.000Z and last modified on 2026-05-21T06:00:00.000Z. The affe [truncated]

LOW ABB CVE published 2026-02-18

CVE-2015-6607

CVE-2015-6607 is a privilege escalation vulnerability in SQLite versions before 3.8.9. This vulnerability was used in Android versions before 5.1.1 LMY48T and could allow attackers to gain privileges via a crafted application. The vulnerability has a CVSS score of 3.7 and is considered low severity. The CVE was published on February 18, 2026, and last modified on May 21, 2026. ABB B&R Automation Studio is [truncated]

MEDIUM ABB CVE published 2026-01-29

CVE-2026-0936

CVE-2026-0936 is a medium-severity information disclosure issue affecting ABB B&R PVI client versions prior to 6.5.0. According to the advisory, an authenticated local attacker could abuse client-side logging to gather credential information processed by the PVI client. Logging is disabled by default and must be explicitly enabled, which reduces exposure but does not eliminate risk where troubleshooting o [truncated]

HIGH ABB CVE published 2026-01-29

CVE-2023-45232

CVE-2023-45232 is a high-severity vulnerability in EDK2's Network Package. The vulnerability is caused by an infinite loop when parsing unknown options in the Destination Options header of IPv6. This could allow an attacker to gain unauthorized access and potentially lead to a loss of Availability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.5, indicating a high level [truncated]

HIGH ABB CVE published 2026-01-27

CVE-2025-15467

CVE-2025-15467 is a critical memory-safety flaw in ABB AC500 V3 PM5xxx firmware handling CMS (Auth)EnvelopedData. ABB and CISA state that malformed AEAD parameters can trigger a stack-based out-of-bounds write before authentication or tag verification, and ABB’s fix is firmware 3.9.0 HF1. Because no workaround is available, affected operators should treat this as an immediate patch item.

MEDIUM ABB CVE published 2026-01-19

CVE-2025-11044

CVE-2025-11044 is a network-reachable denial-of-service issue in ABB B&R Automation Runtime’s ANSL-Server component. According to the advisory, an unauthenticated attacker can win a race condition and leave affected devices in a permanent DoS state, making this most important for exposed OT systems that cannot tolerate downtime.

HIGH ABB CVE published 2026-01-19

CVE-2025-11043

CVE-2025-11043 is a high-severity certificate validation weakness in ABB B&R Automation Studio versions before 6.5. According to the CISA-republished advisory, the issue affects the OPC-UA client and the ANSL over TLS client and could let an unauthenticated attacker on the network intercept and interfere with data exchanges. ABB’s fix is available in Automation Studio 6.5, and the vendor advises deploying [truncated]

HIGH ABB CVE published 2026-01-16

CVE-2025-14510

ABB Ability OPTIMAX installations that use Azure Active Directory Single-Sign On are affected by an authentication bypass. CISA published the advisory on 2026-01-16 and republished ABB PSIRT material on 2026-04-30; the vendor states the issue is fixed in 6.3.1-251120 and 6.4.1-251120 or later.

MEDIUM ABB CVE published 2026-01-07

CVE-2025-4677

CVE-2025-4677 is a medium-severity availability issue in ABB WebPro SNMP Card PowerValue. The advisory says idle session timeout is not configured on ports 23 and 502, allowing connections to accumulate until device resources are exhausted and service becomes unavailable.

HIGH ABB CVE published 2026-01-07

CVE-2025-4676

CVE-2025-4676 is a high-severity authentication bypass affecting ABB WebPro SNMP Card PowerValue web HMI access. The advisory says the device validates only the first character of the session cookie and authentication token, which can let an attacker brute force those characters and bypass authentication.

MEDIUM ABB CVE published 2026-01-07

CVE-2025-4675

CVE-2025-4675 is an availability issue in ABB WebPro SNMP Card PowerValue products where the Modbus slave implementation is incorrect. According to the advisory, port 502 can become unstable and the Modbus service may become unavailable until the device is manually rebooted. ABB identifies version 1.1.8.p as the corrected release and recommends defensive measures from the product documentation when upgrad [truncated]

CRITICAL ABB CVE published 2025-11-20

CVE-2025-10571

CVE-2025-10571 is a critical authentication bypass issue in the ABB Ability Edgenius Management Portal. According to the advisory, an attacker who has access to the network where Edgenius is deployed may, while the portal is running, send a specially crafted message to the system node to bypass authentication. The reported impact is severe: the attacker may be able to install and run arbitrary code, uni [truncated]

HIGH ABB CVE published 2025-11-06

CVE-2025-10205

CVE-2025-10205 affects ABB FLXeon controllers and their released software, where password hashes are stored using MD5 with low-entropy salt on unencrypted partitions. That design increases the risk that credentials can be recovered or misused if a device, storage medium, or exposed management path is accessed. CISA published the advisory on 2025-11-06 and rated the issue HIGH (CVSS 8.8) in the supplied re [truncated]

MEDIUM ABB CVE published 2025-11-03

CVE-2018-1002208

CVE-2018-1002208 describes a vulnerability in SharpZip.dll used by ABB Protection and Control IED Manager PCM600 versions 1.5 through 2.13. According to the advisory, a specially crafted message to the system node can lead to insertion and execution of arbitrary code. The issue is rated CVSS 4.4 (Medium) and is constrained by local access, high attack complexity, low privileges, and required user interaction.

MEDIUM ABB CVE published 2025-07-03

CVE-2025-6074

CVE-2025-6074 is a medium-severity ABB RMC-100 issue involving a REST interface authentication bypass. According to the advisory, the risk applies when the REST interface is enabled by the user and an attacker has access to the source code and control network. In that scenario, the attacker may bypass REST authentication and access MQTT configuration data. ABB’s fixes are available in RMC-100 version 2105 [truncated]

HIGH ABB CVE published 2025-07-03

CVE-2025-6073

CVE-2025-6073 is a high-severity ABB RMC-100 issue that can overflow the username or password buffer, but only under a specific chain of conditions: the REST interface must be enabled, an attacker must have access to the control network, user/password broker authentication must be enabled, and CVE-2025-6074 must also be exploited. ABB and CISA list fixed builds for affected RMC-100 and RMC-100 LITE versio [truncated]

HIGH ABB CVE published 2025-07-03

CVE-2025-6072

CVE-2025-6072 is a high-severity ABB RMC-100 / RMC-100 LITE issue in the REST interface path. According to the advisory, if the REST interface is enabled and an attacker already has access to the control network, exploitation of CVE-2025-6074 can let the attacker use JSON configuration input to overflow the expiration-date field. ABB provides fixed releases for affected RMC-100 and RMC-100 LITE versions.

MEDIUM ABB CVE published 2025-07-03

CVE-2025-6071

CVE-2025-6071 is a medium-severity confidentiality issue affecting ABB RMC-100 and RMC-100 LITE. According to the CISA CSAF advisory, an attacker may gain access to salted information and use it to decrypt MQTT information. ABB and CISA list fixed releases for the affected product lines, and the advisory was later republished with updated vendor information.

HIGH ABB CVE published 2025-05-13

CVE-2025-3394

CVE-2025-3394 is a high-severity issue in ABB Automation Builder project handling. CISA says the product stores user management information in the project file; although password data is fully encrypted, a specially crafted project file can cause user management to be overruled. For organizations that exchange, store, or archive Automation Builder projects, this is primarily an integrity and access-control concern.

MEDIUM ABB CVE published 2025-04-07

CVE-2023-40217

CVE-2023-40217 is a network-reachable information-disclosure issue affecting ABB M2M Gateway ARM600 and ABB M2M Gateway SW. In a narrow timing window, buffered data may remain readable before TLS client-certificate authentication is initiated, which can expose limited sensitive information from the server.

HIGH ABB CVE published 2025-04-07

CVE-2023-22809

CVE-2023-22809 is a sudoedit flaw that can let a local attacker append extra files to the edit list via SUDO_EDITOR, VISUAL, or EDITOR, creating a path to privilege escalation. In CISA advisory ICSA-25-105-08, the issue is mapped to ABB M2M Gateway ARM600 and ABB M2M Gateway SW, with affected versions called out in the advisory published on 2025-04-07.

HIGH ABB CVE published 2025-04-07

CVE-2022-41974

CVE-2022-41974 is a HIGH-severity local privilege-escalation issue in ABB M2M Gateway ARM600 and related ABB M2M Gateway SW. According to CISA’s CSAF advisory published on 2025-04-07, a local user who can write to UNIX domain sockets may bypass access controls, manipulate the multipath setup, and potentially gain root privileges.

HIGH ABB CVE published 2025-04-07

CVE-2022-2964

CISA’s ABB M2M Gateway advisory maps CVE-2022-2964 to ABB ARM600 firmware and ABB M2M Gateway SW releases. The issue is described as a flaw in the Linux kernel driver for ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet devices, with multiple out-of-bounds reads and possible out-of-bounds writes. Because the affected products and versions are explicitly listed by ABB/CISA, operators should treat this [truncated]

HIGH ABB CVE published 2025-04-07

CVE-2022-2526

CVE-2022-2526 is a use-after-free vulnerability affecting ABB M2M Gateway products, including ARM600. CISA published advisory ICSA-25-105-08 on 2025-04-07 for this issue. The flaw is described as a reference-counting error in resolved-dns-stream.c: on_stream_io() and dns_stream_complete() do not increment the DnsStream object's reference count, so later functions and callbacks can dereference freed memory [truncated]

LOW ABB CVE published 2025-04-07

CVE-2012-4929

CVE-2012-4929 is the CRIME-style TLS compression weakness: when TLS 1.2 or earlier compresses data without hiding the length of the unencrypted content, a man-in-the-middle attacker can infer plaintext HTTP header data by comparing response lengths across repeated guesses. In the supplied CISA advisory, ABB maps this issue to ABB M2M Gateway ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 [truncated]

HIGH ABB CVE published 2025-03-11

CVE-2022-24999

CVE-2022-24999 is a high-severity availability issue in ABB RMC-100 and RMC-100 LITE web UI REST interface components. According to the CISA CSAF advisory published on 2025-03-11, a specially crafted message can cause the Node process to hang, requiring the REST interface to be disabled and re-enabled to restore service. ABB lists fixed customer packages for both affected product lines.

CRITICAL ABB CVE published 2025-02-05

CVE-2024-51547

CVE-2024-51547 is a critical firmware credential exposure issue affecting ABB ASPECT®-Enterprise and related NEXUS/MATRIX series products. CISA’s advisory published on 2025-02-05 states that several hard-coded credentials for product internal use are stored in the firmware as plain text, with affected releases including ASP-ENT-x, NEX-2x, NEXUS-3-x, and MAT-x up to version 3.08.03. The advisory rates the [truncated]

CRITICAL ABB CVE published 2025-01-23

CVE-2024-48852

CISA’s advisory for ABB FLXEON Controllers says some information may be improperly disclosed through HTTPS access in firmware 9.3.4 and earlier. The vendor’s remediation is to upgrade to 9.3.5 or later, avoid direct Internet exposure, and use secure remote-access controls such as a properly maintained VPN.

CRITICAL ABB CVE published 2025-01-23

CVE-2024-48849

CVE-2024-48849 is a critical ABB advisory affecting FLXEON-controller family products and related firmware versions at or below 9.3.4. CISA published the advisory on 2025-01-23 and later revised it on 2025-02-14. The issue is described as insufficient session management to prevent unauthorized HTTPS requests, which can expose affected systems to unauthorized actions over the network. The source remediatio [truncated]

CRITICAL ABB CVE published 2025-01-23

CVE-2024-48841

CVE-2024-48841 is a critical ABB FLXEON controller vulnerability that allows network-based execution of arbitrary code with elevated privileges. The advisory affects FLXEON products at firmware 9.3.4 and earlier, with CISA listing FBXi, FBVi, FBTi, and CBXi firmware as impacted. ABB and CISA recommend immediate exposure reduction and firmware upgrade to 9.3.5 or later.

CRITICAL ABB CVE published 2024-07-03

CVE-2024-6784

Server-Side Request Forgery (SSRF) vulnerabilities in ABB ASPECT systems enable authenticated attackers to access unauthorized internal resources and disclose sensitive information. The vulnerability affects multiple product lines including ASPECT-Enterprise, NEXUS Series, and MATRIX Series running firmware version 3.08.02 and earlier. CISA published initial advisory ICSA-25-007-01 on July 3, 2024, with s [truncated]

CRITICAL ABB CVE published 2024-07-03

CVE-2024-6516

Cross-site scripting (XSS) vulnerabilities in ABB ASPECT building automation systems allow malicious script injection into client browsers. Affected versions include ASPECT-Enterprise (ASP-ENT-x), NEXUS Series (NEX-2x, NEXUS-3-x), and MATRIX Series (MAT-x) running firmware 3.08.02 and earlier. The vulnerability was disclosed on July 3, 2024, with vendor fixes becoming available in subsequent months—versio [truncated]

CRITICAL ABB CVE published 2024-07-03

CVE-2024-6515

A critical vulnerability in ABB ASPECT building automation systems allows credential exposure through the web browser interface. The application handles usernames and passwords in clear text or Base64 encoding, significantly increasing the risk of unintended credential disclosure. This affects ASPECT-Enterprise, NEXUS Series, and MATRIX Series products running version 3.08.02 and earlier. The vulnerabilit [truncated]

CRITICAL ABB CVE published 2024-07-03

CVE-2024-6298

A critical Improper Input Validation vulnerability in ABB ASPECT systems enables Remote Code Inclusion (RCI) with a CVSS 3.1 score of 10.0. The flaw affects ASPECT-Enterprise, NEXUS Series, and MATRIX Series products running version 3.08.01 and earlier. CISA published advisory ICSA-25-007-01 on July 3, 2024, with subsequent updates in August, November, and December 2024 as patched versions became availabl [truncated]

CRITICAL ABB CVE published 2024-07-03

CVE-2024-51554

CVE-2024-51554 is a critical off-by-one error vulnerability in ABB's ASPECT building automation system that enables array out-of-bounds access in a log script. Published July 3, 2024, and last modified December 5, 2024, this vulnerability carries a CVSS 3.1 score of 9.1 (Critical). The flaw affects multiple ABB product lines including ASPECT®-Enterprise (ASP-ENT-x), NEXUS Series (NEX-2x, NEXUS-3-x), and M [truncated]

CRITICAL ABB CVE published 2024-07-03

CVE-2024-51551

ABB ASPECT systems ship with publicly known default credentials that allow unauthenticated remote attackers to gain full administrative access to affected devices. The vulnerability affects ASPECT-Enterprise, NEXUS Series, and MATRIX Series products running version 3.07.02 and earlier on Linux. CISA published this advisory on July 3, 2024, with subsequent updates in August, November, and December 2024 as [truncated]