ABB FLXEON Controllers

Plan: Patch
CVSS: 10
ICS-CERT: ICSA-25-051-02
Date: Jan 20, 2025
Vendor: ABB
Sector: Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB FLXEON controllers (CBXi, FBXi, FBVi, FBTi firmware versions 9.3.4 and earlier) contain multiple vulnerabilities in HTTPS request/response handling and network exposure. These flaws allow attackers with network access to send unauthorized HTTPS requests, intercept sensitive information from encrypted responses, or execute arbitrary remote code on the affected controllers. The vulnerabilities are exploitable if FLXEON devices are directly exposed to the internet or reachable from untrusted network segments.

What this means
What could happen
An attacker on your network could intercept HTTPS communications to and from FLXEON controllers, steal sensitive configuration or process data, or execute arbitrary code to alter system behavior or halt operations.
Who's at risk
Manufacturing facilities operating ABB FLXEON controllers (CBXi, FBXi, FBVi, FBTi models) for industrial automation and process control. This includes any plant using these controllers for real-time monitoring or control of critical manufacturing processes.
How it could be exploited
An attacker with network access to a FLXEON device sends crafted HTTPS requests that exploit implementation flaws in the controller's HTTPS handling. This allows interception of encrypted traffic, data exfiltration, or remote code execution directly on the controller. Exploitation is easiest if the device is directly exposed to the internet or reachable from untrusted networks without a firewall.
Prerequisites
  • Network access to the FLXEON device's HTTPS port (typically 443)
  • Device exposed directly to the internet, behind NAT, or reachable from untrusted network segments
Tags: remotely exploitable, no authentication required, low complexity, affects critical OT device, allows data theft and code execution, high CVSS score (10.0)
Exploitability
Some exploitation risk — EPSS score 4.2%
Affected products (4)
4 with fix
Product          Affected Versions   Fix Status
CBXi Firmware    ≤ 9.3.4             ≥ 9.3.5
FBXi Firmware    ≤ 9.3.4             ≥ 9.3.5
FBVi Firmware    ≤ 9.3.4             ≥ 9.3.5
FBTi Firmware    ≤ 9.3.4             ≥ 9.3.5
Remediation & Mitigation
Do now
  • WORKAROUND: Immediately disconnect any FLXEON products that are directly exposed to the internet or accessible via NAT port forwarding until the firmware update is applied
  • HARDENING: Place all FLXEON devices behind a firewall; do not expose them directly to the internet
  • HARDENING: If remote access to FLXEON is required, restrict it to secure VPN access only; ensure the VPN gateway is fully patched and securely configured
  • HARDENING: Change any default passwords on FLXEON devices if they have not already been changed
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update all CBXi, FBXi, FBVi, and FBTi controllers to firmware version 9.3.5 or later
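The remediation steps above map naturally onto an asset-inventory triage. The following is an added example (not OTPulse or ABB code) that assumes a constructed CSV inventory with `asset`, `model`, `firmware` and `exposure` columns, where the exposure labels `internet`, `nat`, `vpn` and `isolated` are this example's own convention; it applies the advisory's affected range (≤ 9.3.4, fixed in ≥ 9.3.5) with a numeric version compare so that 9.3.10 is not mistaken for a vulnerable build.

```python
import csv
import io

# Affected range from the advisory: CBXi/FBXi/FBVi/FBTi firmware <= 9.3.4, fixed in >= 9.3.5.
AFFECTED_MODELS = {"CBXi", "FBXi", "FBVi", "FBTi"}
FIXED_VERSION = (9, 3, 5)

# Constructed sample inventory (placeholder assets, not real devices).
INVENTORY_CSV = """\
asset,model,firmware,exposure
ctrl-01,CBXi,9.3.4,internet
ctrl-02,FBXi,9.3.10,isolated
ctrl-03,FBVi,9.2.0,nat
ctrl-04,FBTi,9.3.5,vpn
ctrl-05,CBXi,9.3,isolated
other-01,OTHER-MODEL,1.0.0,internet
"""

def parse_version(text):
    """'9.3.10' -> (9, 3, 10). Tuple compare is needed: as strings '9.3.10' < '9.3.4'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(model, firmware):
    """True when the model is in scope and the firmware is below the fixed release."""
    return model in AFFECTED_MODELS and parse_version(firmware) < FIXED_VERSION

def priority(model, firmware, exposure):
    """Map the advisory's 'Do now' / 'Schedule' items onto a single asset."""
    if not is_affected(model, firmware):
        return "OK"
    if exposure in ("internet", "nat"):
        return "DISCONNECT-NOW"   # workaround: pull internet/NAT-exposed units until patched
    return "PATCH-IN-WINDOW"      # hotfix to 9.3.5 or later; expect a reboot

def triage(inventory_csv):
    """Return {asset: action} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["asset"]: priority(row["model"], row["firmware"], row["exposure"]) for row in rows}

if __name__ == "__main__":
    for asset, action in triage(INVENTORY_CSV).items():
        print(f"{asset:10} {action}")
```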
API: /api/v1/advisories/cddd91b2-509a-418f-a3ec-e6c54ec2aa93


ABB FLXEON Controllers | CVSS 10 - OTPulse