ABB Automation Builder Gateway for Windows with insecure defaults

Monitor | CVSS 5.3 | 3ADR011525 | Feb 24, 2026
ABB | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB Automation Builder gateway for Windows is remotely accessible by default without authentication. Unauthenticated attackers can enumerate connected PLCs on the network. Access to actual PLC control depends on whether user management is enabled on the PLCs; if disabled or using default credentials, attackers could modify process setpoints or stop operations. The vulnerability is fixed by updating to version 2.9.0, which sets the gateway to local-only access by default. Until upgrade, administrators can restrict remote access by editing the Gateway.cfg configuration file to set LocalAddress=127.0.0.1.

What this means
What could happen
An unauthenticated attacker with network access to the Automation Builder gateway can enumerate PLCs on the system. If PLC user management is disabled or uses default credentials, the attacker could gain control of PLCs and modify process parameters or halt operations.
Who's at risk
Manufacturing facilities using ABB Automation Builder (versions before 2.9.0) with the Windows gateway component. This affects anyone using Automation Builder to configure or manage ABB PLCs and control systems. The risk is highest for sites where the gateway is exposed to the engineering network or where PLC user management has been disabled for convenience.
How it could be exploited
An attacker on the network sends requests to the gateway's TCP port to enumerate connected PLCs. If successful enumeration occurs and PLC user management is not enforced, the attacker can connect directly to discovered PLCs and issue control commands. The attack requires no credentials because the gateway defaults to accepting remote connections without authentication.
Prerequisites
  • Network access to the Automation Builder gateway TCP port (default remote accessibility)
  • PLC user management must be disabled or use default/weak credentials for full impact
Tags: remotely exploitable; no authentication required; low complexity; affects control of industrial processes if PLC credentials are weak or disabled
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product | Affected Versions | Fix Status
Automation Builder <2.9.0 | <2.9.0 | 2.9.0
Remediation & Mitigation
Do now
WORKAROUND: If upgrading is not immediately possible, edit the Gateway.cfg configuration file and set LocalAddress=127.0.0.1 in the [CmpGwCommDrvTcp] section to restrict remote access, then restart the gateway
HARDENING: Enable user management on all connected PLCs and ensure no default credentials are in use
HARDENING: If remote gateway access is required for legitimate operations, use a firewall rule to restrict access to only trusted engineering workstations or networks instead of allowing all remote connections
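
The Gateway.cfg workaround above as a repeatable check, added here as an example (not ABB's or the advisory's own code): the function pins LocalAddress to 127.0.0.1 in [CmpGwCommDrvTcp] and reports what it had to change. It assumes plain INI syntax with ';' or '#' comments and case-insensitive names; the function name, the sample contents and [OtherSection] are constructed.

```python
import re

SECTION, KEY, LOOPBACK = "CmpGwCommDrvTcp", "LocalAddress", "127.0.0.1"  # from the advisory
_HEADER = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
# A leading ';' or '#' means a comment, so a commented-out key does not count as set.
_SETTING = re.compile(r"^\s*(?P<key>[^=;#\s][^=]*?)\s*=\s*(?P<value>.*?)\s*$")


def harden_gateway_cfg(text):
    """Return (new_text, status); status is 'already-local', 'changed',
    'added-key' or 'added-section'. Unrelated lines pass through untouched."""
    newline = "\r\n" if "\r\n" in text else "\n"  # keep the file's line endings
    lines = text.splitlines()
    start = end = None  # lines[start:end] is the body of the target section
    for i, line in enumerate(lines):
        header = _HEADER.match(line)
        if not header:
            continue
        if start is not None:
            end = i  # the next section header closes the target section
            break
        if header["name"].strip().lower() == SECTION.lower():
            start = i + 1
    if start is None:
        lines += [f"[{SECTION}]", f"{KEY}={LOOPBACK}"]
        return newline.join(lines) + newline, "added-section"
    end = len(lines) if end is None else end
    status = None
    for i in range(start, end):
        setting = _SETTING.match(lines[i])
        if not setting or setting["key"].lower() != KEY.lower():
            continue
        if setting["value"] != LOOPBACK:
            lines[i] = f"{KEY}={LOOPBACK}"  # rewrite every non-loopback binding
            status = "changed"
        elif status is None:
            status = "already-local"
    if status is None:
        while end > start and not lines[end - 1].strip():
            end -= 1  # skip trailing blank lines of the section
        lines.insert(end, f"{KEY}={LOOPBACK}")  # key absent: add it
        status = "added-key"
    return newline.join(lines) + newline, status

# Constructed sample: only the section and key names come from the advisory.
SAMPLE = ("[CmpGwCommDrvTcp]\r\n;LocalAddress=127.0.0.1\r\nLocalAddress=0.0.0.0\r\n"
          "\r\n[OtherSection]\r\nSomeKey=1\r\n")
if __name__ == "__main__":
    print(*reversed(harden_gateway_cfg(SAMPLE)), sep="\n")
```

Write the returned text back to Gateway.cfg and restart the gateway, as the workaround requires; a status other than 'already-local' means the file was not yet restricted to loopback.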
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Automation Builder to version 2.9.0 or later to apply the vendor fix that restricts gateway access to local only by default

ABB Automation Builder Gateway for Windows with insecure defaults | CVSS 5.3 - OTPulse