AC500 V3 Multiple vulnerabilities

Plan PatchCVSS 8.33ADR011524Feb 24, 2026

ABB

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ABB AC500 V3 PLC contains multiple vulnerabilities in versions prior to 3.9.0. The vulnerabilities allow an authenticated attacker to bypass user management controls (CVE-2025-2595), read and write security certificates and keys (CVE-2025-41659), or cause denial-of-service by exhausting controller resources (CVE-2025-41691). The affected versions are AC500 V3 firmware below 3.9.0.

What this means

What could happen

An attacker with engineering credentials could bypass user management to read process visualization files, modify security certificates, or crash the controller, disrupting plant operations and compromising system integrity.

Who's at risk

AC500 V3 PLC operators and engineering teams at utilities, manufacturing facilities, and water authorities who use this controller for process automation and safety logic. Any organization deploying AC500 V3 as a primary control device is affected.

How it could be exploited

An attacker with valid engineering workstation credentials connects to the AC500 V3 controller over the network and exploits improper access controls to read visualization files, modify security certificates and keys, or trigger resource exhaustion leading to controller restart.

Prerequisites

Network access to the AC500 V3 controller
Valid engineering workstation credentials or user account

remotely exploitablerequires authenticationlow complexityaffects controller availabilitycould compromise system integrity through certificate manipulation

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

AC500 V3 <3.9.0<3.9.03.9.0

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to the AC500 V3 controller to authorized engineering workstations only using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate AC500 V3 firmware to version 3.9.0 or later

Long-term hardening

0/1

HARDENINGReview and audit user access permissions on the AC500 V3 controller to ensure least-privilege principle

CVEs (3)

CVE-2025-2595 CVE-2025-41691 CVE-2025-41659

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4da9b860-9e25-4f0b-a82f-f8e33e122333

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.