ABB Ability Edgenius: Copy Fail

Act NowCVSS 7.87paa024620Jun 25, 2026

ABB

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

A Linux kernel vulnerability (CVE-2026-31431, "Copy Fail") in ABB Edgenius Gateways and Servers versions 3.2.0.0 through 3.2.4.0 allows a locally authenticated user or compromised container workload to escalate privileges to root and gain complete system control. The vulnerability is actively being exploited in the wild. A patch is available in version 3.2.4.1.

What this means

What could happen

An attacker with local access to an Edgenius Gateway or Server could exploit a Linux kernel vulnerability to gain root privileges and take complete control of the system, disrupting critical automation and data processing functions.

Who's at risk

Manufacturing and process automation facilities using ABB Edgenius Gateways (bE100, E3100C) or Edgenius Servers (vE1000) in supervisory control and monitoring roles. Any organization where loss of Edgenius system control would disrupt production operations, data collection, or remote monitoring.

How it could be exploited

An attacker with a local user account (or a compromised container workload running on the device) exploits the Linux kernel vulnerability to escalate privileges to root. Once root is obtained, the attacker can modify system configuration, access sensitive data, or shut down the Edgenius service entirely.

Prerequisites

Local user account on the Edgenius Gateway or Server
Access to ssh or cockpit interface
System running affected version 3.2.0.0 through 3.2.4.0

actively exploited (KEV)high CVSS score (7.8)extremely high EPSS score (96.8%)local privilege escalationaffects critical automation infrastructure

Exploitability

Actively exploited — confirmed by CISA KEV

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Ability Edgenius Gateway - bE100≥ 3.2.0.0|<3.2.4.13.2.4.1

Ability Edgenius Gateway - E3100C≥ 3.2.0.0|<3.2.4.13.2.4.1

Ability Edgenius Server - vE1000≥ 3.2.0.0|<3.2.4.13.2.4.1

Remediation & Mitigation

0/3

Do now

0/2

HOTFIXUpdate Edgenius Gateway (bE100 and E3100C) and Edgenius Server (vE1000) to version 3.2.4.1 or later

WORKAROUNDRestrict ssh and cockpit access to authorized engineering and administrative users only via firewall rules or network segmentation

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGLimit local user account creation on Edgenius systems to essential personnel only

CVEs (1)

CVE-2026-31431

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/6a691cdd-7e40-4891-9b89-eaf7781a3e81

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.