ABB Ability™ zenon Remote Transport Vulnerability

Monitor | CVSS 7.5 | 2nga002743 | Aug 12, 2025
ABB
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB zenon versions 14 and earlier contain an authentication bypass in the Remote Transport Service. An unauthenticated attacker with network access can call the Reboot OS function, forcing an immediate system reboot without presenting valid credentials. This is a denial-of-service vulnerability that interrupts SCADA operations. ABB does not plan to issue patches for affected versions (14 and earlier).

What this means
What could happen
An unauthenticated attacker with network access to the Remote Transport Service can force an unplanned system reboot, interrupting operations and potentially causing loss of control or alarm visibility until the zenon system restarts.
Who's at risk
Water treatment and distribution facilities, electric utilities, and other critical infrastructure using ABB zenon for SCADA visualization and control. Any organization running zenon version 14 or earlier with the Remote Transport Service enabled is at risk. The impact is greatest for facilities with limited redundancy or where operator intervention is required to manually restore critical processes after unexpected shutdown.
How it could be exploited
The attacker must reach the Remote Transport Service port on the zenon system over the network. They send a specially crafted request to the Reboot OS function without providing valid credentials. The service accepts the request and immediately reboots the system, disconnecting all connected operator interfaces and halting monitoring and control functions.
Prerequisites
  • Network access to the Remote Transport Service port (TCP, typically 55200 or configured alternate port)
  • The zenon Remote Transport Service must be enabled and accessible from the attacker's network segment
Tags: remotely exploitable, no authentication required, low complexity, no patch available, impacts availability of SCADA/HMI system
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Ability™ zenon | ≤ 14 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Remote Transport Service port to only authorized engineering workstations and remote access jump servers using firewall rules or network ACLs
WORKAROUND: Disable the Remote Transport Service on zenon systems if remote access is not required for your operations
WORKAROUND: Disable or restrict the Reboot OS function in the Remote Transport Service configuration if supported by your zenon version
Mitigations - no patch available
Ability™ zenon has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate zenon systems from untrusted networks and non-critical IT infrastructure
API: /api/v1/advisories/caf44f5f-cc5e-4863-8afc-06c99a21649a
