System 800xA affected by 3rd party component vulnerabilities

Act Now | CVSS 8.4 | 7paa023732 | Mar 31, 2026
ABB | Manufacturing
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB System 800xA versions and related products contain outdated, vulnerable third-party components: 7-Zip version 18.5 and Microsoft Azure Data Studio version 1.32. These vulnerabilities can only be exploited if the vulnerable software is installed and active on the system. The 7-Zip vulnerability requires an attacker to either gain system control or trick a user into extracting a malicious file. The Azure Data Studio vulnerability requires attacker access and occurs when authentication and access controls are not properly configured; this component is automatically removed in System 800xA 7.0 and later. Uninstalling these third-party applications eliminates the vulnerability risk without affecting product functionality.

What this means
What could happen
An attacker who gains access to your System 800xA engineering workstation could extract malicious files via vulnerable 7-Zip or execute arbitrary code via vulnerable Azure Data Studio, potentially compromising your process automation system and gaining control over industrial operations. These vulnerabilities require the attacker to either control the system directly or trick users into clicking malicious links.
Who's at risk
Manufacturing facilities using ABB System 800xA automation systems, including the 800xA History, AC 870P Melody, Symphony Plus Harmony, Batch Management, Application Change Management, and Production Response Batch History modules, are affected. These vulnerabilities are most critical for plants that use 800xA for process control on critical industrial processes where unauthorized access could lead to unsafe conditions or production interruption.
How it could be exploited
An attacker could exploit these vulnerabilities through two paths: (1) by gaining initial access to the 800xA server or workstation and using the vulnerable 7-Zip to extract a malicious archive, or by tricking an operator or engineer into clicking a link or downloading a file and extracting it with 7-Zip; or (2) by gaining system access and running malicious code that exploits Azure Data Studio if insufficient access controls are in place. Both paths require local access or social engineering to be effective.
Prerequisites
  • Vulnerable 7-Zip or Azure Data Studio must be installed on the 800xA system
  • For 7-Zip: attacker must either have local system access or trick a user into extracting a malicious archive
  • For Azure Data Studio: attacker must have initial system access and the system must have insufficient access controls configured
  • Local or social engineering attack required
  • Vulnerable third-party components bundled with product
  • Affects engineering workstations and automation platforms
  • Multiple CWEs indicate broad vulnerability scope
Exploitability
Actively exploited — confirmed by CISA KEV
Public Proof-of-Concept (PoC) on GitHub (10 repositories)
Affected products (6)
6 pending
Product | Affected Versions | Fix Status
800xA History | ≤ 7.0 | No fix yet
800xA for AC 870P Melody | ≤ 6.2 | No fix yet
800xA for Symphony Plus Harmony | ≤ 6.2 | No fix yet
Batch Management | ≤ 6.2 | No fix yet
Application Change Management | ≤ 6.2 | No fix yet
Production Response Batch History | ≤ 6.2 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Uninstall 7-Zip version 18.5 from all affected 800xA systems
WORKAROUND: Uninstall Microsoft Azure Data Studio from all affected 800xA systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade to System 800xA 7.0 or later, where Azure Data Studio is no longer included
Long-term hardening
HARDENING: Configure strong authentication, authorization, and access controls on all 800xA systems to limit who can execute commands or access sensitive functionality
HARDENING: Implement user awareness training to avoid clicking suspicious links or downloading files from untrusted sources on engineering workstations
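
An inventory check for the two "Do now" workarounds, as an added example that is not ABB's or OTPulse's code: it reads the standard Windows Uninstall registry keys and flags 7-Zip and Azure Data Studio entries. The DisplayName patterns and the function names are assumptions, and the sample records are constructed.

```powershell
# Added example, not ABB's or OTPulse's code. Names and patterns are assumptions.
$Watch = @(
    @{ Name = '7-Zip';             Pattern = '7-Zip*';             Version = [version]'18.5' }
    @{ Name = 'Azure Data Studio'; Pattern = 'Azure Data Studio*'; Version = [version]'1.32' }
)

function Get-UninstallEntry {
    # Installed-program records: 64-bit, 32-bit and current-user Uninstall keys.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion
}

function Test-AdvisoryComponent {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        foreach ($w in $Watch) {
            if ($Entry.DisplayName -notlike $w.Pattern) { continue }
            # Strip suffixes such as " beta"; "18.05" parses as 18.5.
            $parsed = $null
            $text   = "$($Entry.DisplayVersion)" -replace '[^\d.]', ''
            $ok     = [version]::TryParse($text, [ref]$parsed)
            [pscustomobject]@{
                Component       = $w.Name
                DisplayName     = $Entry.DisplayName
                Installed       = $Entry.DisplayVersion
                # True when major.minor equals the version the advisory names.
                MatchesAdvisory = $ok -and $parsed.Major -eq $w.Version.Major -and
                                  $parsed.Minor -eq $w.Version.Minor
            }
        }
    }
}

# Constructed sample records (not from a real system) to show the result offline.
$sample = @(
    [pscustomobject]@{ DisplayName = '7-Zip 18.05 (x64)'; DisplayVersion = '18.05' }
    [pscustomobject]@{ DisplayName = 'Azure Data Studio'; DisplayVersion = '1.32.0' }
    [pscustomobject]@{ DisplayName = 'Example Tool';      DisplayVersion = '2.0' }
)
$sample | Test-AdvisoryComponent | Format-Table -AutoSize

# On a live node: Get-UninstallEntry | Test-AdvisoryComponent
```

The HKCU key covers only the account running the script, so per-user installs under other profiles need a separate pass.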

System 800xA affected by 3rd party component vulnerabilities | CVSS 8.4 - OTPulse