Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 communication stack

Monitor | CVSS 6.5 | 7paa020125 | Apr 13, 2026
ABB
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB's implementation of the IEC 61850 communication stack (MMS protocol) in several automation control products contains vulnerabilities allowing denial of service. An attacker on the IEC 61850 network can send a specially crafted packet that causes CI868, CI850, and PM 877 modules to fault (requiring manual restart), or causes the IEC 61850 communication driver on S+ Operations to crash. Repeated attacks can cause prolonged communication loss. GOOSE protocol communication is not affected. The vulnerabilities require network access to the IEC 61850 network and no authentication.

What this means
What could happen
An attacker on your IEC 61850 network can send a malicious packet that crashes CI868, CI850, or PM 877 modules (requiring manual restart), or disrupts IEC 61850 communication on S+ Operations nodes, causing temporary loss of that connectivity.
Who's at risk
Operators of ABB System 800xA, Symphony Plus SD Series, Symphony Plus MR (Melody Rack), and S+ Operations using IEC 61850 MMS communication for process automation control should assess their installations. This affects any site running these control systems with IEC 61850 connectivity.
How it could be exploited
An attacker must first reach your IEC 61850 network and then send a specially crafted packet to the vulnerable module or node. The packet causes the device to fault or the IEC 61850 driver to crash, dropping communication until manual intervention or automatic recovery occurs.
Prerequisites
  • Network access to IEC 61850 network or the vulnerable device IP/port
  • No authentication required
  • Remotely exploitable over IEC 61850 network
  • No authentication required
  • Low attack complexity
  • Affects availability of automation control communication
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
AC800M Product line (System 800xA) CI868 for IEC 61850 communication | All versions | 6.1.1-3
Symphony Plus SD Series CI850 for IEC 61850 communication | A 0, A 1, A 2.003 and 3 more | Fix available
Symphony Plus MR (Melody Rack) PM 877 for IEC 61850 communication | ≥ 3.10, ≤ 3.52 | 3.53
S+ Operations using IEC 61850 connectivity | 3.3, 2.3, 2.2, 2.1 | Fix available
Remediation & Mitigation
Do now
HARDENING: Isolate IEC 61850 network from untrusted networks; do not expose directly to the Internet
HARDENING: Restrict network access to IEC 61850 devices and S+ Operations nodes to authorized engineering and control networks only
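
One way to verify the access-restriction item above, as an added example (not code from ABB or from this advisory): audit flow records for MMS connections that reach IEC 61850 nodes from sources outside the authorized networks. The addresses, networks and flow-record format are constructed assumptions, and TCP port 102 is the standard MMS (ISO-TSAP) port rather than a value stated in the advisory.

```python
import ipaddress

MMS_PORT = 102  # IEC 61850 MMS runs over ISO-TSAP, TCP port 102 (not stated on the page)

# Assumed site data (constructed): authorized engineering/control networks
# and the addresses of IEC 61850 modules and S+ Operations nodes.
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.1.0/28")]
IEC61850_NODES = {ipaddress.ip_address(a) for a in ("10.30.0.11", "10.30.0.12", "10.30.0.40")}

# Constructed flow records in an assumed format: "src dst proto dport", one per line.
SAMPLE_FLOWS = """\
10.20.0.15 10.30.0.11 tcp 102
10.20.1.3 10.30.0.40 tcp 102
192.168.50.7 10.30.0.11 tcp 102
10.20.0.15 10.30.0.12 tcp 443
172.16.9.2 10.30.0.40 tcp 102
172.16.9.2 10.99.0.5 tcp 102
not a flow line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def unauthorized_mms_flows(text):
    """List MMS flows to IEC 61850 nodes whose source is outside authorized networks."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip lines that are not valid flow records
        src, dst, proto, dport = flow
        if proto != "tcp" or dport != MMS_PORT or dst not in IEC61850_NODES:
            continue  # only MMS sessions to inventoried nodes are in scope
        if not any(src in net for net in AUTHORIZED_NETS):
            findings.append((str(src), str(dst)))
    return findings

if __name__ == "__main__":
    for src, dst in unauthorized_mms_flows(SAMPLE_FLOWS):
        print(f"unauthorized MMS source {src} -> {dst}:{MMS_PORT}")
```

Any finding points to a path into the IEC 61850 network that the isolation and access-restriction items are meant to close.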
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update AC800M CI868 to firmware version 6.1.1-3 or later (AC 800M 7.0 available as of December 2025)
HOTFIX: Update Symphony Plus SD Series CI850 to firmware version C_0 or later (planned Q2 2026)
HOTFIX: Update Symphony Plus MR PM 877 to firmware version 3.53 or later (planned Q1 2026)
HOTFIX: Update S+ Operations to version 3.4 or later (available as of January 2026)

Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 communication stack | CVSS 6.5 - OTPulse