ABB Automation Builder

Plan Patch | CVSS 8.5 | ICS-CERT ICSA-25-133-04 | Apr 30, 2025
ABB | Energy
Summary

ABB Automation Builder versions 2.8.0 and earlier contain user management bypass vulnerabilities (CVE-2025-3394 and CVE-2025-3395) that could allow an attacker to overrule user management controls. CVE-2025-3394 relates to integrity checking and CVE-2025-3395 relates to encryption. The vulnerabilities are not remotely exploitable and require local or network access. ABB has released a fix in version 2.8.1. For versions affected by one or both CVEs, workarounds include enabling 'Integrity' or 'Encryption' security settings in project settings.

What this means
What could happen
An attacker with local or network access to Automation Builder could bypass user management controls, potentially allowing them to modify project configurations, alter control logic, or gain unauthorized access to critical automation engineering functions.
Who's at risk
Engineering teams and automation builders who use ABB Automation Builder to configure PLCs, drives, and other automation devices in the energy sector should prioritize this update. Organizations that use Automation Builder on workstations with network connectivity or shared access are most at risk.
How it could be exploited
An attacker must first gain local or network-based access to a device running ABB Automation Builder. Once on the network, they can exploit the user management bypass vulnerability to elevate privileges or override access controls without valid credentials.
Prerequisites
  • Local or network access to a device running ABB Automation Builder
  • No valid user credentials appear to be required, given that the vulnerability is a user management bypass
User management bypass possible | Affects automation engineering tool | Low EPSS score but high CVSS severity
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
1 with fix, 1 EOL
Product | Affected Versions | Fix Status
All ABB Automation Builder <= 2.8.0 | ≤ 2.8.0 | 2.8.1
Automation Builder: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Enable 'Integrity' security setting in Automation Builder project settings to mitigate CVE-2025-3394
WORKAROUND: Enable 'Encryption' security setting in Automation Builder project settings to mitigate CVE-2025-3395
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ABB Automation Builder to version 2.8.1 or later
Mitigations - no patch available
Automation Builder: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict network access to Automation Builder engineering workstations using firewall rules; do not expose these systems to the Internet
HARDENING: Isolate Automation Builder systems from business networks using network segmentation

ABB Automation Builder | CVSS 8.5 - OTPulse