ABB FLXeon Controllers
Plan Patch · CVSS 8.8 · ICS-CERT ICSA-25-310-03 · Nov 6, 2025
Summary
ABB FLXeon controller firmware versions 9.3.5 and earlier contain credential storage weaknesses (hardcoded or default credentials) and other authentication bypasses that allow remote code execution. Affected product lines include FBXi, FBVi, FBTi, and CBXi industrial controllers. No patch is currently available from ABB. Successful exploitation allows remote attackers to execute arbitrary code, modify system behavior, or crash the device.
What this means
What could happen
An attacker with access to the network could execute arbitrary code on FLXeon controllers, potentially altering automation logic, changing process parameters, or stopping critical operations.
Who's at risk
Water authorities and utilities using ABB FLXeon controllers for process automation should assess exposure. These controllers are commonly used in SCADA/automation systems for pumping, treatment, and distribution. All FLXeon product variants (FBXi, FBVi, FBTi, CBXi series) at firmware 9.3.5 and earlier are affected.
How it could be exploited
An attacker would need network access to the controller (either directly if exposed to the Internet, or from within your internal network). They could exploit credential weaknesses or hardcoded authentication issues to gain control and execute code on the device.
Prerequisites
- Network access to the FLXeon controller on the management/control port
- Exposure to the Internet (direct ISP connection or NAT port forwarding)
- OR access from the internal network if internal segmentation is insufficient
- No patch available
- Default or weak credentials (CWE-798)
- Remotely exploitable if exposed to Internet
- High CVSS score (8.8)
- Affects control system operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (12)
1 pending, 11 EOL
Product                            Affected Versions   Fix Status
FBTi-6T1-1U1R (2CQG201022R1011)    ≤ 9.3.5             No fix (EOL)
FBVi-2U4-4T (2CQG201015R1021)      ≤ 9.3.5             No fix yet
FBXi-8R8-X96 (2CQG201028R1011)     ≤ 9.3.5             No fix (EOL)
FBXi-8R8-H-X96 (2CQG201029R1011)   ≤ 9.3.5             No fix (EOL)
FBXi-X256 (2CQG201014R1021)        ≤ 9.3.5             No fix (EOL)
FBXi-X48 (2CQG201018R1021)         ≤ 9.3.5             No fix (EOL)
FBXi-8R8-X96-S (2CQG201606R1011)   ≤ 9.3.5             No fix (EOL)
FBVi-2U4-4T-IMP (2CQG201016R1021)  ≤ 9.3.5             No fix (EOL)
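The first practical step for an asset owner is to compare the controller inventory against the product and version data above. The following script is an added example (not ABB's or ICS-CERT's code): it takes the model names, the "9.3.5 and earlier" threshold and the fix status from this advisory, and flags matching devices with the advisory's recommended action. The inventory records, model "OTHER-PLC" and addresses are constructed sample data. It compares versions numerically, so a hypothetical 9.3.10 build is correctly treated as later than 9.3.5, which a plain string comparison would get wrong.

```python
"""Flag ABB FLXeon controllers in an asset inventory that fall under ICSA-25-310-03.

Added example, not ABB's or ICS-CERT's code. Product names, the version
threshold (9.3.5 and earlier) and fix status come from the advisory; the
inventory records at the bottom are constructed sample data.
"""
from dataclasses import dataclass

# Advisory: firmware 9.3.5 and earlier is affected.
MAX_AFFECTED_VERSION = (9, 3, 5)
AFFECTED_FAMILIES = {"FBXi", "FBVi", "FBTi", "CBXi"}

# Fix status per product, as listed in the advisory.
EOL_NO_FIX = {
    "FBTi-6T1-1U1R", "FBTi-7T7-1U1R",
    "FBXi-8R8-X96", "FBXi-8R8-H-X96", "FBXi-X256", "FBXi-X48", "FBXi-8R8-X96-S",
    "FBVi-2U4-4T-IMP", "FBVi-2U4-4T-SI",
    "CBXi-8R8", "CBXi-8R8-H",
}
FIX_PENDING = {"FBVi-2U4-4T"}


@dataclass
class Device:
    model: str      # e.g. "FBXi-X256"
    firmware: str   # e.g. "9.3.5"
    address: str    # constructed sample address


@dataclass
class Finding:
    device: Device
    status: str     # "eol", "fix-pending" or "unknown"
    action: str


def parse_version(text: str) -> tuple:
    """Turn '9.3.10' into (9, 3, 10) so that comparison is numeric.

    A plain string comparison would wrongly rank '9.3.10' below '9.3.5'.
    Versions with fewer than three components are padded with zeros.
    """
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(model: str, firmware: str) -> bool:
    """True when the model is an FLXeon family member at firmware <= 9.3.5."""
    family = model.split("-", 1)[0]
    if family not in AFFECTED_FAMILIES:
        return False
    return parse_version(firmware) <= MAX_AFFECTED_VERSION


def fix_status(model: str) -> str:
    """Map a model to the fix status given in the advisory's product table."""
    if model in EOL_NO_FIX:
        return "eol"
    if model in FIX_PENDING:
        return "fix-pending"
    # Family member not in the advisory's product table: treat conservatively.
    return "unknown"


def assess_inventory(devices: list) -> list:
    """Return one Finding per affected device with the advisory's recommended action."""
    findings = []
    for d in devices:
        if not is_affected(d.model, d.firmware):
            continue
        status = fix_status(d.model)
        if status == "eol":
            action = "No fix planned: isolate behind firewall, enforce physical access controls"
        else:
            action = "Isolate behind firewall; upgrade when ABB publishes fixed firmware"
        findings.append(Finding(d, status, action))
    return findings


# Constructed sample inventory (models other than FLXeon, addresses and versions are made up).
SAMPLE_INVENTORY = [
    Device("FBXi-X256", "9.3.5", "192.0.2.10"),
    Device("FBVi-2U4-4T", "9.3.10", "192.0.2.11"),   # hypothetical later build: not affected
    Device("FBVi-2U4-4T", "9.2.0", "192.0.2.12"),
    Device("OTHER-PLC", "9.0.0", "192.0.2.13"),       # not an FLXeon family
]

if __name__ == "__main__":
    for f in assess_inventory(SAMPLE_INVENTORY):
        print(f"{f.device.address} {f.device.model} fw {f.device.firmware}: {f.status} -> {f.action}")
```

Run against a real inventory export by building `Device` records from it; devices whose model is in an affected family but absent from the advisory table come back as "unknown" so they are reviewed rather than silently ignored.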
Remediation & Mitigation
Do now
WORKAROUND: Disconnect any FLXeon controller directly exposed to the Internet via direct connection or port forwarding and place it behind a firewall
WORKAROUND: If remote access is required, use a secure VPN that is fully updated and configured for secure access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade FLXeon firmware to the latest available version from ABB's product homepage
Mitigations - no patch available
The following products have reached End of Life with no planned fix: FBTi-6T1-1U1R (2CQG201022R1011): <=9.3.5, FBXi-8R8-X96 (2CQG201028R1011): <=9.3.5, FBXi-8R8-H-X96 (2CQG201029R1011): <=9.3.5, FBXi-X256 (2CQG201014R1021): <=9.3.5, FBXi-X48 (2CQG201018R1021): <=9.3.5, FBXi-8R8-X96-S (2CQG201606R1011): <=9.3.5, FBVi-2U4-4T-IMP (2CQG201016R1021): <=9.3.5, FBVi-2U4-4T-SI: <=9.3.5, FBTi-7T7-1U1R (2CQG201022R1011): <=9.3.5, CBXi-8R8 (2CQG201001R1021): <=9.3.5, CBXi-8R8-H (2CQG201001R1021): <=9.3.5. Apply the following compensating controls:
HARDENING: Implement physical access controls to prevent unauthorized personnel from accessing network ports or devices
HARDENING: Segment FLXeon controllers behind firewalls separate from your business network