OTPulse

ABB Ability™ OPTIMAX® Authentication Bypass in Single-Sign On with Azure Active Directory

CVSS 8.1 · Reference 9AKK108472A1331 · Jan 16, 2026
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

ABB Ability OPTIMAX contains an authentication bypass vulnerability in the Azure Active Directory Single-Sign On integration. An attacker with network access who successfully exploits this flaw can bypass user authentication and potentially shut down the system, modify configuration, or install and run arbitrary code. The vulnerability affects OPTIMAX versions 6.1, 6.2, 6.3 (all versions prior to 6.3.1-251120), and 6.4 (all versions prior to 6.4.1-251120). Versions 6.1 and 6.2 are no longer supported and have no patch available.

What this means
What could happen
An attacker who bypasses authentication to ABB Ability OPTIMAX could shut down the system, modify configuration, or install arbitrary code on the production platform, potentially disrupting energy management or industrial operations.
Who's at risk
Operators of energy management, industrial automation, or building control systems using ABB Ability OPTIMAX for asset monitoring and optimization. This affects all organizations using OPTIMAX versions 6.1 through 6.4.0 with Azure AD integration enabled, particularly utilities and large industrial facilities.
How it could be exploited
An attacker with network access to the OPTIMAX web interface could exploit the Azure AD Single-Sign On authentication bypass to gain unauthorized access without valid credentials. Once authenticated, the attacker could execute commands or modify system configuration through the application interface.
Prerequisites
  • Network access to the OPTIMAX web interface (typically port 443)
  • Azure Active Directory Single-Sign On integration must be enabled on the target instance
  • No valid user credentials required
  • Remotely exploitable
  • No authentication required when the vulnerability is triggered
  • High impact on system availability and integrity
  • Affects a critical energy/industrial operations platform
  • End-of-life versions (6.1, 6.2) have no patch available
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
2 with fix, 2 pending
Product                 Affected Versions   Fix Status
Ability OPTIMAX 6.1     All versions        No fix yet
Ability OPTIMAX 6.2     All versions        No fix yet
Ability OPTIMAX 6.3     <6.3.1-251120       6.3.1-251120
Ability OPTIMAX 6.4     <6.4.1-251120       6.4.1-251120
Remediation & Mitigation
Do now
HOTFIX: Update ABB Ability OPTIMAX 6.4 to version 6.4.1-251120 or later
HOTFIX: Update ABB Ability OPTIMAX 6.3 to version 6.3.1-251120 or later
WORKAROUND: For ABB Ability OPTIMAX 6.2 and 6.1 users (unsupported versions), contact ABB for remediation guidance before deploying to production
WORKAROUND: If Azure AD SSO integration is not required, disable the Azure Active Directory Single-Sign On feature until the system can be patched
HARDENING: Restrict network access to the OPTIMAX web interface to authorized administrative workstations only, using firewall rules
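To turn the affected-products table and the remediation list above into an inventory check, here is an added example (not ABB's or OTPulse's code) that classifies an installed OPTIMAX version against the advisory's fixed builds. It assumes version strings follow the advisory's "major.minor[.patch][-build]" pattern such as "6.3.1-251120"; the hostnames and versions in the sample inventory are constructed.

```python
"""Assess ABB Ability OPTIMAX version strings against this advisory's affected ranges."""
import re
from typing import Dict, List, Tuple

# Fixed builds per supported branch, as listed in the advisory table.
FIXED_BUILDS = {"6.3": "6.3.1-251120", "6.4": "6.4.1-251120"}
# Branches the advisory marks as end-of-life with no fix available.
UNSUPPORTED_BRANCHES = {"6.1", "6.2"}

# Assumed version syntax: "6.3.1-251120" -> major.minor[.patch][-build]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn "6.3.1-251120" into the comparable tuple (6, 3, 1, 251120).
    A missing patch or build counts as 0, so a bare "6.3" sorts below the fix."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OPTIMAX version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch or 0), int(build or 0))


def assess(version: str, azure_ad_sso_enabled: bool = True) -> str:
    """Classify one instance. Azure AD SSO is a prerequisite for exploitation,
    so a vulnerable build with SSO disabled is reported as not currently exposed."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    if branch in UNSUPPORTED_BRANCHES:
        status = "vulnerable (no fix available, unsupported branch)"
    elif branch not in FIXED_BUILDS:
        return "not listed in advisory"
    elif parsed >= parse_version(FIXED_BUILDS[branch]):
        return "patched"
    else:
        status = "vulnerable"
    return status if azure_ad_sso_enabled else status + ", not exposed (SSO disabled)"


# Constructed sample inventory: (hostname, version, Azure AD SSO enabled).
SAMPLE_INVENTORY: List[Tuple[str, str, bool]] = [
    ("optimax-plant-a", "6.4.0-250301", True),   # pre-fix 6.4 build
    ("optimax-plant-b", "6.4.1-251120", True),   # exactly the fixed build
    ("optimax-lab", "6.3.1-251119", False),      # one build short of the fix
    ("optimax-legacy", "6.2.3", True),           # end-of-life branch
]


def report(inventory=SAMPLE_INVENTORY) -> Dict[str, str]:
    return {host: assess(ver, sso) for host, ver, sso in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:<18} {status}")
```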
API: /api/v1/advisories/4d661057-ea13-433b-a646-e92d46a8ef6d
ABB Ability™ OPTIMAX® Authentication Bypass in Single-Sign On with Azure Active Directory | CVSS 8.1 - OTPulse