OTPulse

Edgenius Management Portal Authentication Bypass

Plan Patch | CVSS 9.6 | 7paa022088 | Nov 20, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

ABB Ability Edgenius versions 3.2.0.0 through 3.2.1.1 contain an authentication bypass vulnerability in the Management Portal. An unauthenticated attacker on the local or adjacent network can bypass authentication controls to install and execute arbitrary code, uninstall applications, or modify application configurations on vulnerable devices. Exploitation requires no user interaction, and the impact extends to the integrity and availability of the entire system. ABB has released version 3.2.2.0 as a fix.

What this means
What could happen
An attacker on the same network can bypass authentication to the Edgenius Management Portal and execute arbitrary code, install or remove applications, or alter application configurations on vulnerable systems without providing any credentials.
Who's at risk
Water authorities and utilities using ABB Ability Edgenius edge computing platforms (versions 3.2.0.0 through 3.2.1.1) for remote monitoring, data aggregation, or control logic. This affects any organization that uses Edgenius devices for SCADA data collection, edge analytics, or local automation at remote sites.
How it could be exploited
An attacker on the local or adjacent network sends unauthenticated requests to the Edgenius Management Portal interface. The portal fails to properly validate authentication and permits the attacker to upload and execute arbitrary code, modify application settings, or remove installed applications on the edge computing device.
Prerequisites
  • Network access to the Edgenius Management Portal interface (typically port 8080 or 443, depending on configuration)
  • Device running vulnerable version 3.2.0.0 through 3.2.1.1
  • Management Portal must be enabled and reachable
Risk factors
  • Remotely exploitable over local network
  • No authentication required
  • Low complexity attack
  • Allows arbitrary code execution
  • Can alter industrial process configuration
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2), 2 with fix

Product | Affected Versions | Fix Status
Ability Edgenius 3.2.0.0 | 3.2.0.0 | 3.2.2.0
Ability Edgenius 3.2.1.1 | 3.2.1.1 | 3.2.2.0

Remediation & Mitigation

Do now
  • WORKAROUND: Disable the Edgenius Management Portal until upgrade can be applied

Schedule — requires maintenance window
  Patching may require device reboot — plan for process interruption
  • HOTFIX: Upgrade ABB Ability Edgenius to version 3.2.2.0 or later

Long-term hardening
  • HARDENING: Restrict network access to the Edgenius Management Portal using firewall rules to permit only trusted management workstations
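
An added example, not part of the advisory or any ABB tooling: triaging an asset inventory against the version range stated above and mapping each device to the remediation steps listed here. The inventory rows, hostnames and column names are constructed, and treating a short version such as 3.2.1 as 3.2.1.0 is an assumption.

```python
import csv
import io

# Version bounds taken from the advisory text.
AFFECTED_MIN = (3, 2, 0, 0)
AFFECTED_MAX = (3, 2, 1, 1)
FIXED = (3, 2, 2, 0)

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """hostname,version,portal_enabled
edge-ps-01,3.2.0.0,yes
edge-ps-02,3.2.1.1,no
edge-res-03,3.2.2.0,yes
edge-res-04,3.2.1.4,yes
edge-wtp-05,v3.2.1,yes
"""

def parse_version(text):
    """Return a 4-part tuple (short versions zero-padded, an assumption) or None."""
    parts = text.strip().lstrip("vV").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts) + (0,) * (4 - len(parts))

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    # Below 3.2.0.0, or between 3.2.1.1 and 3.2.2.0: the advisory is silent.
    return "fixed" if v >= FIXED else "not_listed"

def triage(inventory_csv):
    """Map each hostname to (status, action drawn from the advisory's remediation list)."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["version"])
        portal_on = row["portal_enabled"].strip().lower() == "yes"
        if status == "affected":
            action = "disable portal now, then upgrade" if portal_on else "upgrade"
        elif status == "fixed":
            action = "none"
        else:
            action = "verify version manually"
        results[row["hostname"]] = (status, action)
    return results

if __name__ == "__main__":
    for host, (status, action) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:12} {action}")
```

Devices reported as not_listed or unparseable are deliberately not marked safe, since the advisory names only the 3.2.0.0 through 3.2.1.1 range and the 3.2.2.0 fix.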
Edgenius Management Portal Authentication Bypass | CVSS 9.6 - OTPulse