MDR
Solutions
Partners
About
Resources
Affected Environment
ABB industrial and ICS-connected products, including System 800xA, Symphony Plus, PCM600, Edgenius, OPTIMAX, AWIN and S+ Engineering. Impacted sites are those deploying listed firmware and software versions in operational and engineering environments.
Threat Overview
Vulnerabilities span code execution, authentication bypass, denial of service and configuration disclosure in ABB control and gateway products. Exploitation can enable loss of control, unauthorized changes, device reboots and full engineering system compromise if network access is gained.
Exposure Timeline
Issues are disclosed with fixes available now or scheduled: some patches released in 2024–2026, others planned through 2027. Organizations remain exposed until affected versions are upgraded or mitigations and workarounds from ABB are implemented.
Attack Surface
Exposure arises on IEC 61850 networks, OPTIMAX with Azure AD SSO, Edgenius portals, AWIN gateway interfaces and S+ Client Server networks. Unsegmented or externally reachable ICS, management portals, or poorly controlled access to engineering networks increase risk.
Technical Root Cause
Root causes include flaws in IEC 61850 command handling, SharpZip library, Edgenius auth logic, OPTIMAX auth algorithm and AWIN session handling. Further exposure comes from PostgreSQL 13.11 and earlier vulnerabilities embedded in Symphony Plus Engineering installations.
Exploitation Pathway
An attacker sends specially crafted messages or queries to vulnerable nodes to bypass auth, reboot devices or execute arbitrary code. Where PostgreSQL is exposed on the S+ network, authenticated abuse of database functions can escalate to full system compromise.
Operational Impact
Systems may suffer denial of service on IEC 61850 connectivity, remote gateway reboots and unauthorized configuration changes. Engineering and management portals could be used to install, remove or alter applications, affecting reliability of control operations.
Strategic Impact
Compromise of engineering environments and gateways can undermine trust in control data and system integrity across sites. Persistent access to ICS could enable long-term disruption risk and regulatory or safety concerns for industrial operators.
Required Mitigation
Identify all affected ABB products and versions; prioritize upgrades to the fixed releases specified for each product line. Where updates are not yet possible, apply ABB’s recommended mitigations, including disabling Edgenius Portal until patched.
Incident Response Guidance
Review logs and telemetry on OPTIMAX, Edgenius, AWIN and S+ Engineering for anomalous access, reboots or config changes. Validate firmware/software baselines, restrict access to S+ Client Server and IEC 61850 networks, and document any suspected compromise.
References
Use CISA ICS advisories ICSA-26-120-01 through ICSA-26-120-06 for official technical detail and remediation guidance. Track and map the listed CVEs to internal asset inventories to confirm exposure and remediation status.
Trusted by clients worldwide
Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.
.jpg)