AC500 V3 Multiple vulnerabilities

Plan Patch8.33ADR011524Feb 24, 2026

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ABB AC500 V3 PLCs contain multiple vulnerabilities in user management and file access controls. The vulnerabilities allow attackers with valid credentials to bypass user management restrictions (CVE-2025-2595), read and modify certificate and key files used for encryption (CVE-2025-41659), or cause denial-of-service conditions where the PLC becomes unresponsive (CVE-2025-41691). These issues are corrected in firmware version 3.9.0.

What this means

What could happen

An attacker with network access and valid credentials could bypass user management controls, read visualization configuration files, read or write certificates and cryptographic keys, or cause the PLC to stop responding to legitimate commands.

Who's at risk

Facilities operating ABB AC500 V3 programmable logic controllers (PLCs) used in manufacturing automation, water treatment plants, electric generation, and other critical infrastructure. Organizations using older firmware versions for process control, safety interlocks, or supervisory automation are at highest risk.

How it could be exploited

An attacker reaches the AC500 V3 PLC over the network and authenticates with a low-privilege user account. They exploit insufficient permission checks to either read sensitive visualization and configuration files, modify or extract certificates and private keys used for secure communication, or trigger a denial-of-service condition that halts normal operation.

Prerequisites

Network access to AC500 V3 management interface or API
Valid user credentials (low-privilege account acceptable)
AC500 V3 firmware version below 3.9.0

remotely exploitablerequires valid authenticationaffects configuration and security settingsno safety system bypass (medium complexity)

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

AC500 V3 <3.9.0<3.9.03.9.0

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGRestrict network access to AC500 V3 management interfaces to only authorized engineering and supervisory workstations using firewall rules or network segmentation

HARDENINGReview and enforce strong password policies for all AC500 V3 user accounts, especially those with administrative or engineering privileges

WORKAROUNDDisable or restrict unused user accounts and authentication methods if your process control allows

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate AC500 V3 firmware to version 3.9.0 or later via Automation Builder 2.9.0

CVEs (3)

CVE-2025-2595 CVE-2025-41659 CVE-2025-41691

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4da9b860-9e25-4f0b-a82f-f8e33e122333