ABB Automation Builder Gateway for Windows with insecure defaults

Monitor5.33adr011525Feb 24, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ABB Automation Builder Gateway for Windows is accessible remotely by default without authentication. This allows unauthenticated attackers to search for and discover connected PLCs on the network. While PLC user management typically prevents direct access to the devices, if user management is disabled on a PLC, an attacker could access it directly through the gateway.

What this means

What could happen

An attacker on your network could discover all PLCs connected through your Automation Builder gateway without any credentials. If PLC user management is disabled, the attacker could directly access and control those PLCs, potentially altering process setpoints or stopping operations.

Who's at risk

Manufacturing facilities using ABB Automation Builder Gateway versions before 2.9.0 on Windows to manage PLCs and distributed control systems. This affects anyone relying on network-based PLC discovery and management through the gateway.

How it could be exploited

An attacker with network access to the Windows gateway can scan for connected PLCs without authentication. If a PLC has user management disabled (a common configuration), the attacker can then access that PLC directly to read or modify its configuration and running programs.

Prerequisites

Network access to the Automation Builder gateway on its listen port (typically 502 or configured port)
PLC must have user management disabled for direct access (discovery does not require this)
Gateway must be configured to listen on a network interface (default behavior)

remotely exploitableno authentication requireddefault insecure configurationlow complexityaffects PLC discovery and potential accesslow EPSS score but enabled by default

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Automation Builder <2.9.0<2.9.02.9.0

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDIf running versions before 2.9.0 and remote access is not required, edit Gateway.cfg in the [CmpGwCommDrvTcp] section and set LocalAddress=127.0.0.1 to restrict access to the local computer only (requires gateway restart)

HARDENINGVerify that user management is enabled on all connected PLCs to prevent unauthorized access if the gateway is discovered

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Automation Builder to version 2.9.0 or later, which defaults to local-only gateway access

Long-term hardening

0/1

HARDENINGIf remote access to the gateway is required, restrict network access to it using firewall rules to limit which systems can connect

CVEs (1)

CVE-2024-41975

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/03e768af-552a-4964-b9d1-c91fd551457f