ABB Automation Builder Vulnerabilities in user management and access control

Plan Patch7.83adr011407Apr 30, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ABB Automation Builder versions 2.8.0 and earlier contain vulnerabilities in user management and access control (CWE-732) that allow an attacker with local access to bypass the product's authorization mechanisms. An attacker who successfully exploits this vulnerability could overrule the Automation Builder's user management controls and gain unauthorized access to automation projects.

What this means

What could happen

An attacker with local access to an engineering workstation could bypass user management controls and gain unauthorized access to the Automation Builder, potentially allowing them to modify PLC programs, change controller settings, or upload malicious logic to industrial equipment.

Who's at risk

Engineering teams and automation engineers using ABB Automation Builder for PLC programming and industrial controller configuration. This affects any facility running ABB automation platforms (AC500, S800, or other ABB PLCs/controllers) where Automation Builder is used for program development.

How it could be exploited

An attacker with login access to the engineering workstation running Automation Builder exploits a local privilege escalation or authentication bypass flaw to overrule the product's user management system. This allows them to access and modify industrial automation projects without proper authorization.

Prerequisites

Local access to engineering workstation running ABB Automation Builder
Valid login credentials or ability to interact with the application locally
Automation Builder version 2.8.0 or earlier

Affects engineering workstationsRequires local accessUser management bypassNo authentication required for exploitation once local access gained

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

All ABB Automation Builder <= 2.8.0≤ 2.8.02.8.1

Remediation & Mitigation

0/2

Do now

0/1

WORKAROUNDImplement workarounds provided by ABB to close user management vulnerabilities (consult ABB advisory 3adr011407 for specific controls)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade ABB Automation Builder to version 2.8.1 or later

CVEs (2)

CVE-2025-3394 CVE-2025-3395

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cb937fc8-687d-4926-9090-c7ed03a42787