ABB Automation Builder Gateway for Windows with insecure defaults

Monitor | CVSS 5.3 | 3adr011525 | Feb 24, 2026
ABB | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Windows gateway in ABB Automation Builder versions prior to 2.9.0 is accessible remotely by default without authentication. An unauthenticated attacker can search for and discover connected PLCs. Access to the PLCs themselves is prevented by their user management system, but if that is disabled, an attacker could modify PLC configuration or control logic after discovering them through the gateway.

What this means
What could happen
An unauthenticated attacker on the network can discover PLCs connected to the ABB Automation Builder Gateway. If PLC user management is disabled, the attacker could then access and potentially modify control logic or setpoints on those PLCs.
Who's at risk
Manufacturing facilities using ABB Automation Builder versions prior to 2.9.0 for engineering and commissioning of PLCs and automation systems. This affects anyone with the ABB gateway deployed on Windows systems that require remote engineering access or commissioning workflows.
How it could be exploited
An attacker discovers the ABB Automation Builder Gateway is listening on the network (default remote access enabled). The attacker sends an unauthenticated request to search for connected PLCs. If a target PLC has user management disabled, the attacker can then connect to that PLC through the gateway and issue commands to alter its configuration or running processes.
Prerequisites
  • Network reachability to the ABB Automation Builder Gateway on its listening port
  • Target PLC has user management disabled (default protection may not be sufficient if this setting is weakened)
Tags: remotely exploitable, no authentication required, low complexity, affects automation systems
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product | Affected Versions | Fix Status
Automation Builder <2.9.0 | <2.9.0 | 2.9.0
Remediation & Mitigation
Do now
WORKAROUND: If remote access to the gateway is not required, restrict gateway network access to localhost (127.0.0.1) by setting LocalAddress=127.0.0.1 in the [CmpGwCommDrvTcp] section of Gateway.cfg, then restart the gateway.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ABB Automation Builder to version 2.9.0 or later.
Long-term hardening
HARDENING: Ensure user management is enabled on all connected PLCs to prevent unauthorized access even if the gateway is compromised.
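
To verify that the workaround above is actually in place on an engineering workstation, the following added example (not ABB's or OTPulse's code) checks the text of a Gateway.cfg for a loopback LocalAddress in [CmpGwCommDrvTcp]. It assumes an INI-style file in which lines starting with ; or # are comments; the sample files and the section name ExampleOtherSection are constructed for illustration.

```python
import ipaddress

SECTION = "cmpgwcommdrvtcp"   # [CmpGwCommDrvTcp], compared case-insensitively
KEY = "localaddress"          # LocalAddress

def local_addresses(cfg_text):
    """Return every LocalAddress value set inside [CmpGwCommDrvTcp]."""
    in_section, values = False, []
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":   # assumption: ; and # start comments
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == SECTION
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == KEY:
                values.append(value.strip())
    return values

def audit_gateway_cfg(cfg_text):
    """Return 'loopback-only', 'exposed' or 'invalid' for a Gateway.cfg."""
    values = local_addresses(cfg_text)
    if not values:
        # No binding set: before 2.9.0 the gateway is remotely reachable by default.
        return "exposed"
    try:
        addrs = [ipaddress.ip_address(v) for v in values]
    except ValueError:
        return "invalid"                  # e.g. a hostname or a typo
    return "loopback-only" if all(a.is_loopback for a in addrs) else "exposed"

# Constructed sample files (not taken from a real installation).
SAMPLES = {
    "hardened": "[CmpGwCommDrvTcp]\nLocalAddress=127.0.0.1\n",
    "commented_out": "[CmpGwCommDrvTcp]\n; LocalAddress=127.0.0.1\n",
    "wrong_section": "[ExampleOtherSection]\nLocalAddress=127.0.0.1\n",
    "all_interfaces": "[CmpGwCommDrvTcp]\nLocalAddress = 0.0.0.0\n",
    "hostname": "[CmpGwCommDrvTcp]\nLocalAddress=localhost\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_gateway_cfg(text)}")
```

A result other than loopback-only means the workaround is not in effect for that file; the gateway still has to be restarted after the file is corrected.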