ABB FLXeon Controllers

Status: Plan Patch | CVSS 8.8 | ICS-CERT ICSA-25-310-03 | Sep 9, 2025
ABB
Summary

ABB FLXeon controllers (FBXi, FBTi, CBXi and FBVi firmware versions 9.3.5 and earlier) contain hard-coded credentials (CWE-798, Use of Hard-coded Credentials), improper validation of the specified type of input (CWE-1287), and stored password hashes that are not salted (CWE-759, Use of a One-Way Hash without a Salt). Successful exploitation allows a remote attacker to execute arbitrary code, alter device configuration, insert malicious logic, or crash the controller. ABB has not released firmware patches and states that no fix is planned for this product line. Devices directly exposed to the internet, or reachable through port forwarding, are at immediate risk.

What this means
What could happen
An attacker who gains access to a vulnerable FLXeon controller could run arbitrary code on it, alter operational parameters, or crash the device, disrupting critical process control in power generation, water treatment, or other utility infrastructure.
Who's at risk
This advisory affects FLXeon programmable logic controllers and firmware variants manufactured by ABB, which are used in power generation, water treatment, industrial automation, and utility infrastructure. Operators of FBXi, FBTi, CBXi, and FBVi controller families should assess their deployment and network exposure immediately.
How it could be exploited
An attacker with network access to an exposed FLXeon controller (directly connected to the internet or reachable via port forwarding) can use the hard-coded credentials (CWE-798) to authenticate to the device, or abuse the input-validation weakness (CWE-1287), and then execute arbitrary code on it. Because stored password hashes are unsalted (CWE-759), an attacker who obtains the credential store can recover operator passwords with precomputed tables rather than brute force.
Prerequisites
  • Network access to the FLXeon controller on its management/control ports
  • Exploitation of default or hardcoded credentials embedded in the firmware
  • No authentication bypass required if credentials are known or obtainable
Key points
  • Remotely exploitable if internet-exposed
  • Default or hard-coded credentials embedded in firmware
  • No patch available (end-of-life product line)
  • Affects critical infrastructure (power, water, utilities)
  • High CVSS score (8.8)
Exploitability
Unlikely to be exploited — EPSS score 0.5% (EPSS estimates the probability of exploitation in the wild within the next 30 days; a low score does not reduce the severity for a controller that is already reachable from the internet with known credentials)
Affected products (16): 1 pending, 15 EOL (5 of 16 shown)

Product                                   | Affected versions | Fix status
FBXi Firmware                             | ≤ 9.3.5           | No fix (EOL)
FBTi Firmware                             | ≤ 9.3.5           | No fix (EOL)
CBXi Firmware                             | ≤ 9.3.5           | No fix (EOL)
FBVi Firmware                             | ≤ 9.3.5           | No fix (EOL)
FBTi-6T1-1U1R (2CQG201022R1011)           | ≤ 9.3.5           | No fix (EOL)
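With no patch coming, the practical task is to find every affected controller in the estate and rank it by exposure. The script below is an added example written for this page; it is not ABB's or OTPulse's tooling. It takes the families and the ≤ 9.3.5 ceiling from the advisory, and assumes an inventory export that carries a product family, a firmware string and an exposure class (the class names and the inventory rows are constructed for illustration). The version parser compares numerically, which matters because a plain string comparison would rank "9.10.0" below "9.3.5" and wrongly mark a newer build as affected.

```python
"""Triage an OT asset inventory against the ABB FLXeon advisory.

Added example, not part of the advisory or of any ABB tool. The inventory
format and exposure classes below are assumptions made for this script.
"""
import re
from dataclasses import dataclass

# Families and firmware ceiling named in the advisory (firmware <= 9.3.5).
AFFECTED_FAMILIES = {"FBXi", "FBTi", "CBXi", "FBVi"}
MAX_AFFECTED_VERSION = (9, 3, 5)

# Exposure classes are an assumption of this script, ranked by urgency.
# Internet exposure and NAT port forwarding are treated identically because
# the advisory calls both out for immediate disconnection.
EXPOSURE_RANK = {"internet": 3, "port_forward": 3, "it_reachable": 2, "ot_isolated": 1}

# Actions mirror the advisory's mitigations; the mapping to exposure class is ours.
ACTIONS = {
    3: "Disconnect from internet-facing network now; re-home behind VPN concentrator",
    2: "Firewall from IT network; allow only engineering workstations and remote-access gateway",
    1: "Keep isolated; enforce physical access controls on the device and peripherals",
}


@dataclass
class Asset:
    name: str
    family: str
    firmware: str
    exposure: str


def parse_version(text):
    """Turn '9.3.5', 'v9.10.0' or '8.7.0-rc2' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(asset):
    """Affected when the family is in scope and firmware is at or below 9.3.5."""
    return asset.family in AFFECTED_FAMILIES and parse_version(asset.firmware) <= MAX_AFFECTED_VERSION


def urgency(asset):
    """Unknown exposure classes are treated as the most urgent, not silently skipped."""
    return EXPOSURE_RANK.get(asset.exposure, 3)


def triage(assets):
    """Return affected assets as (asset, urgency, action), most urgent first."""
    hits = [(a, urgency(a), ACTIONS[urgency(a)]) for a in assets if is_affected(a)]
    return sorted(hits, key=lambda h: (-h[1], h[0].name))


# Constructed inventory rows for the example; not real site data.
SAMPLE_INVENTORY = [
    Asset("AHU-1 controller", "FBXi", "9.3.5", "port_forward"),
    Asset("AHU-2 controller", "FBTi", "9.10.0", "ot_isolated"),   # newer than 9.3.5
    Asset("Pump-3 controller", "CBXi", "v9.2.1", "it_reachable"),
    Asset("Chiller controller", "FBVi", "8.7.0-rc2", "ot_isolated"),
    Asset("Line PLC", "AC500", "9.0.0", "internet"),               # out of scope family
]


if __name__ == "__main__":
    for asset, rank, action in triage(SAMPLE_INVENTORY):
        print(f"[{rank}] {asset.name} ({asset.family} {asset.firmware}, {asset.exposure}): {action}")
```

Run against a real inventory export by building `Asset` rows from it; anything that surfaces at urgency 3 is a "Do now" item under the advisory, and the sort order is a defensible work queue for the maintenance window.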
Remediation & Mitigation
Do now
  • Workaround: Immediately disconnect any FLXeon products that are directly exposed to the internet (direct ISP connection or NAT port forwarding) from internet-facing networks until mitigations can be deployed.
  • Hardening: Place all FLXeon controllers behind a firewall and isolate them from business/IT networks; restrict inbound access to authorized engineering workstations and remote-access gateways only.
  • Workaround: Consult ABB Cybersecurity Advisory 9AKK108471A7121 for the detailed vulnerability-to-mitigation mapping and apply any vendor-specific compensating controls it lists.
Schedule — requires maintenance window

No firmware patch exists for the affected families, so the items below are compensating controls. Network re-homing or configuration changes may require a controller reboot; plan for process interruption.

  • Hardening: If remote access to FLXeon is required, route it through a secure, updated VPN concentrator with strong authentication and encryption; do not allow direct internet access.
  • Hardening: Implement physical access controls to prevent unauthorized personnel from directly accessing FLXeon devices and their peripheral equipment.

ABB FLXeon Controllers | CVSS 8.8 - OTPulse