Edgenius Management Portal Authentication Bypass
Plan Patch · CVSS 9.6 · 7PAA022088 · Nov 20, 2025
ABB
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
ABB Ability Edgenius versions 3.2.0.0 through 3.2.1.1 contain an authentication bypass vulnerability in the Management Portal. An unauthenticated attacker with network access can exploit this to install and run arbitrary code, uninstall applications, or modify application configurations on vulnerable systems. The vulnerability is resolved in version 3.2.2.0.
What this means
What could happen
An attacker on your network could run arbitrary code on the Edgenius system without any password, potentially modifying industrial application configurations, installing malware, or disrupting operations. This could affect any industrial process or system relying on Edgenius for management and control.
Who's at risk
Organizations running ABB Ability Edgenius for industrial process management should prioritize this fix. This affects any water, electric, chemical processing, or manufacturing facility using Edgenius versions 3.2.0.0 through 3.2.1.1 for managing remote industrial applications or edge computing infrastructure.
How it could be exploited
An attacker with network access to the Edgenius Management Portal (typically port 443 or HTTP) can send a specially crafted request that bypasses authentication checks. Once past authentication, the attacker can execute arbitrary code, modify application settings, or install/remove applications that control industrial processes.
Prerequisites
- Network access to the Edgenius Management Portal (typically TCP port 443 or HTTP port)
- ABB Ability Edgenius version 3.2.0.0 through 3.2.1.1 deployed and accessible from the attacker's network segment
- Remotely exploitable
- No authentication required
- Low complexity attack
- High CVSS score (9.6)
- Can affect control system operations
- Allows arbitrary code execution
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
2 with fix
Product                  | Affected Versions | Fix Status
Ability Edgenius 3.2.0.0 | 3.2.0.0           | 3.2.2.0
Ability Edgenius 3.2.1.1 | 3.2.1.1           | 3.2.2.0
Remediation & Mitigation
Do now
WORKAROUND: Disable the Edgenius Management Portal if an immediate maintenance window is not available
HARDENING: Restrict network access to the Edgenius Management Portal to only authorized engineering workstations and administrative machines using firewall rules
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
HOTFIX: Update ABB Ability Edgenius to version 3.2.2.0 or later
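A triage helper for the remediation steps above, added here as an example (not ABB's or the advisory's own code): it checks each asset's installed version against the affected range 3.2.0.0 through 3.2.1.1 and maps it to the advisory's workaround, hardening and hotfix items. The inventory format, host names and the `portal_exposed` flag are constructed assumptions.

```python
from typing import Dict, List, Tuple

AFFECTED_MIN = (3, 2, 0, 0)  # first affected release named in the advisory
AFFECTED_MAX = (3, 2, 1, 1)  # last affected release named in the advisory
FIXED = "3.2.2.0"            # "update to 3.2.2.0 or later"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.2.1.1' into (3, 2, 1, 1); shorter strings are zero-padded so
    '3.2' compares as 3.2.0.0. Tuple comparison orders '3.2.10.0' after
    '3.2.9.0', which a plain string compare would get wrong."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version: str) -> bool:
    """True only inside the range the advisory names; releases outside it
    are not claimed safe here, merely not covered by this advisory."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def recommend(version: str, portal_exposed: bool) -> str:
    """Map one asset to the advisory's remediation items. portal_exposed is
    True when the portal is reachable beyond the engineering/admin allowlist."""
    if not is_affected(version):
        return "not affected"
    action = f"HOTFIX: update to {FIXED} or later"
    if portal_exposed:
        # The "Do now" items bridge the gap until the maintenance window.
        action = ("WORKAROUND/HARDENING: disable the portal or firewall it to "
                  "engineering workstations; then " + action)
    return action


# Constructed sample inventory: (hostname, installed version, portal exposed).
SAMPLE_INVENTORY: List[Tuple[str, str, bool]] = [
    ("edge-plant-a", "3.2.0.0", True),
    ("edge-plant-b", "3.2.1.1", False),
    ("edge-lab-1", "3.2.2.0", True),
    ("edge-old-1", "3.1.9.5", True),
]


def triage(inventory=SAMPLE_INVENTORY) -> Dict[str, str]:
    """Return {hostname: recommended action} for every asset in the inventory."""
    return {host: recommend(ver, exposed) for host, ver, exposed in inventory}
```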
CVEs (1)
API: /api/v1/advisories/7183b827-22b9-4ec9-bab5-6d36dc9e5b5c