System 800xA affected by 3rd party component vulnerabilities

Act Now | CVSS 8.4 | 7paa023732 | Mar 31, 2026
ABB | Manufacturing
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB System 800xA includes vulnerable third-party components: 7-Zip version 18.5 (CWE-59, CWE-476, CWE-122, CWE-22, CWE-693, CWE-835, CWE-191, CWE-125, CWE-787, CWE-754, CWE-284) and Microsoft Azure Data Studio version 1.32. These vulnerabilities are actively exploited in the wild. 7-Zip can be exploited if an attacker tricks a user into extracting a malicious file or if the attacker gains system access. The Azure Data Studio vulnerability requires system access and an improper AAA configuration. The vulnerabilities pose a risk primarily if the third-party software is actually installed and used; they may appear in vulnerability scans of installation media but cannot be exploited if the software is uninstalled. Uninstallation completely eliminates the risk and does not impact 800xA functionality. Azure Data Studio is automatically removed in System 800xA 7.0 and later.

What this means
What could happen
ABB 800xA systems contain vulnerable versions of 7-Zip and Microsoft Azure Data Studio that are actively exploited. Uninstalling these components eliminates risk without affecting system operation.
Who's at risk
Manufacturing facilities running ABB System 800xA (versions 7.0 or earlier for History; 6.2 or earlier for AC 870P Melody, Symphony Plus Harmony, Batch Management, Application Change Management, and Production Response Batch History). This affects process automation platforms used in chemical, pharmaceutical, and discrete manufacturing plants where these systems manage batch operations, data collection, and engineering configuration.
How it could be exploited
An attacker could exploit 7-Zip if they trick a user into extracting a malicious file, or if they gain direct system access. For Azure Data Studio, the attacker needs system access and must get a user to open a malicious file or execute code. Both require user interaction or system compromise as an initial stepping stone.
Prerequisites
  • User interaction: user must extract a malicious file via 7-Zip or click a malicious link
  • OR: Attacker gains initial access to the engineering workstation or server
  • Azure Data Studio vulnerability: requires improperly configured Authentication, Authorization, and Accountability (AAA) settings
  • Actively exploited (KEV)
  • High EPSS score (52.4%)
  • High CVSS severity (8.4)
  • Multiple weakness types (privilege escalation, arbitrary code execution, path traversal)
  • User interaction required but easy to trigger (social engineering)
  • Affects engineering/workstation tier where credentials to access safety-critical systems may reside
Exploitability
Actively exploited — confirmed by CISA KEV
Public Proof-of-Concept (PoC) on GitHub (10 repositories)
Affected products (6)
6 pending
Product | Affected Versions | Fix Status
800xA History | ≤ 7.0 | No fix yet
800xA for AC 870P Melody | ≤ 6.2 | No fix yet
800xA for Symphony Plus Harmony | ≤ 6.2 | No fix yet
Batch Management | ≤ 6.2 | No fix yet
Application Change Management | ≤ 6.2 | No fix yet
Production Response Batch History | ≤ 6.2 | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Uninstall 7-Zip from all affected 800xA systems immediately
  • WORKAROUND: Uninstall Microsoft Azure Data Studio from all affected 800xA systems immediately
  • HARDENING: For System 800xA 7.0 and later, verify that Microsoft Azure Data Studio has been automatically removed during installation or upgrade
  • HARDENING: Configure proper Authentication, Authorization, and Accountability (AAA) controls on all engineering workstations and servers running 800xA
  • HARDENING: Restrict user access to unzip/extract files only through approved channels; educate users not to extract files from untrusted sources
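To confirm on a given 800xA node whether the two components are actually installed (rather than only present on installation media), the following read-only check can be used. It is an added example, not part of the advisory or of ABB's tooling, and it assumes both products register under the standard Windows uninstall registry keys with a DisplayName containing "7-Zip" or "Azure Data Studio".

```powershell
# Added example: read-only inventory of the two third-party components named
# in the advisory. It reports what is registered; it does not uninstall.
# Assumption: DisplayName values contain the substrings listed in $patterns.
$patterns = '7-Zip', 'Azure Data Studio'

# Machine-wide installs (64-bit and 32-bit registry views) plus per-user
# installs for the account running the script.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AdvisoryComponent {
    param(
        [string[]]$Path = $uninstallKeys,
        [string[]]$Name = $patterns
    )

    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        Where-Object {
            # Keep entries whose DisplayName matches any of the patterns.
            $display = $_.DisplayName
            $display -and ($Name | Where-Object { $display -like "*$_*" })
        } |
        Select-Object @{n = 'Computer'; e = { $env:COMPUTERNAME } },
                      DisplayName, DisplayVersion, InstallLocation,
                      @{n = 'RegistryKey'; e = { $_.PSPath -replace '^.*::', '' } }
}

$found = @(Get-AdvisoryComponent)
if ($found.Count -eq 0) {
    '{0}: no registered 7-Zip or Azure Data Studio installation found' -f $env:COMPUTERNAME
} else {
    # Each row is a component that still needs to be uninstalled on this node.
    $found | Format-Table -AutoSize -Wrap
}
```

The HKCU key only covers the account running the script, so a per-user installation under another profile will not appear; run the check for each interactive account on engineering workstations, and again after uninstalling to confirm the entries are gone.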