OTPulse

Busch-Welcome® 2 wire Door opener actuator by default in compatibility mode.

MonitorCVSS 6.89akk108471a4556Jul 21, 2025
ABB
Attack path
Attack VectorPhysical
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

ABB Busch-Welcome Switch Actuator 4 DU -83330 and -83330-500 devices default to a compatibility mode that does not properly enforce access controls. An attacker with physical access to an affected actuator can bypass door unlock restrictions and gain unauthorized entry to the building. All versions are affected, and no patch is planned by the vendor.

What this means
What could happen
An attacker with physical access to the device could bypass door access controls and gain unauthorized entry to the building where the actuator is installed. This could allow theft, sabotage, or intrusion into critical infrastructure areas.
Who's at risk
Building access control administrators and facility managers who rely on ABB Busch-Welcome switch actuators for door and light control. This affects physical security of any facility using the Switch Actuator 4 DU -83330 or -83330-500 models, including office buildings, data centers, utility substations, and critical infrastructure facilities.
How it could be exploited
The device operates in a default compatibility mode that does not properly enforce access controls. An attacker with physical access to the actuator can manipulate its state to unlock doors, bypassing the intended access restrictions that would normally be controlled by the building management system or access control system.
Prerequisites
  • Physical access to the door actuator device
  • Knowledge that the device is in default compatibility mode
  • No special tools or authentication credentials required
No patch availablePhysical access required but may be possible for insiders or determined attackersAffects physical security and access controlDefault insecure configuration
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
Switch Actuator 4 DU -83330 - All VersionsAll versionsNo fix (EOL)
Switch actuator, door/light 4 DU -83330-500 - All VersionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGVerify all Switch Actuator 4 DU -83330 and -83330-500 devices are physically secured and not accessible to unauthorized personnel
HARDENINGReview and audit all door access points using these actuators; ensure backup mechanical locks or access control measures are in place
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement network isolation or segregation of the access control system if these devices are network-connected
WORKAROUNDContact ABB to determine if configuration changes or workarounds can disable the default compatibility mode on installed devices
View full ABB PSIRT advisory
API: /api/v1/advisories/1da61a79-cf03-4c42-b7d8-7273c894adb6

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Busch-Welcome® 2 wire Door opener actuator by default in compatibility mode. | CVSS 6.8 - OTPulse