ABB Freelance Security Lock

Monitor | CVSS 6.6 | ICS-CERT ICSA-26-174-05 | Jun 10, 2026
ABB
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

ABB Freelance Security Lock versions 2013 through 2016 contain a vulnerability that allows a local attacker to bypass or disable the security lock via keyboard shortcuts or accessibility features, potentially making the application inaccessible or allowing unauthorized access to process control functions. ABB has identified that Freelance Extended User Management (available in Freelance 2019 or higher) does not have this vulnerability. A patch for Security Lock is in preparation. Workarounds exist for Freelance 2019 and higher by switching to Extended User Management; however, no workaround is available for Freelance 2016 SP1 and earlier versions except through OS-level hardening.

What this means
What could happen
An attacker with local access to a workstation running Freelance Security Lock could use keyboard shortcuts or accessibility features to bypass or disable the security lock, potentially stopping the application or making it inaccessible to authorized operators.
Who's at risk
This affects organizations running ABB Freelance software (versions 2013 through 2016 and similar) that rely on Freelance Security Lock for access control on engineering workstations. This is particularly relevant to utilities and industrial facilities where workstations control process operations and must be protected from unauthorized local access.
How it could be exploited
An attacker with local access to the Windows OS (such as physical access to an engineering workstation or remote access via another vulnerability) could exploit keyboard shortcuts or accessibility feature bypass techniques to circumvent the Security Lock mechanism, causing the application to become unavailable or allowing unauthorized access to process control functions.
Prerequisites
  • Local access to the Windows operating system where Freelance is running
  • Ability to use keyboard input or accessibility features on the workstation
  • Freelance Security Lock must be actively in use as the authentication mechanism
Local access required | Low complexity exploitation | Affects access control systems | No patch available for older versions | Security Lock is a critical protective mechanism
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Freelance Security Lock | ≤ Freelance 2013, Freelance 2013 SP1, Freelance 2016 and 5 more | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: For Freelance 2016 SP1 and earlier: Disable unnecessary accessibility features on workstations running Freelance to reduce keyboard shortcut attack vectors
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: For Freelance 2019 or higher: Migrate from Freelance Security Lock to Freelance Extended User Management, which uses Windows user accounts for access control
HARDENING: For Freelance 2016 SP1 and earlier: Implement BIOS/UEFI-level restrictions on keyboard input during runtime to prevent bypass attempts
Long-term hardening
HARDENING: Use hardened Windows OS configurations that suppress system-level keyboard shortcuts that could be abused to escape the Security Lock
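
One way to check the accessibility workaround above on a Freelance workstation, as an added example that is not ABB's or the advisory's own tooling. It assumes the five standard Windows accessibility features listed in the script are the relevant ones (the advisory does not name specific features) and inspects only the current user's settings.

```powershell
# Added example: audit (and optionally clear) the hotkey-enable bit of the
# Windows accessibility features for the current user.
# Assumption: this feature list is illustrative; the advisory names none.
param([switch]$Remediate)

$HotkeyActive = 0x4   # *_HOTKEYACTIVE bit in each feature's Flags value
$Base         = 'HKCU:\Control Panel\Accessibility'
$Features     = 'StickyKeys', 'Keyboard Response', 'ToggleKeys',
                'MouseKeys', 'HighContrast'

$results = foreach ($name in $Features) {
    $path = Join-Path $Base $name
    $raw  = (Get-ItemProperty -Path $path -Name Flags `
                -ErrorAction SilentlyContinue).Flags
    if ($null -eq $raw) {
        # Key or value absent: report it rather than guessing a default.
        [pscustomobject]@{ Feature = $name; Flags = $null
                           HotkeyEnabled = $null; Action = 'Flags value missing' }
        continue
    }

    $flags   = [int]$raw                      # stored as a decimal string
    $enabled = ($flags -band $HotkeyActive) -ne 0
    $action  = 'none'

    if ($enabled -and $Remediate) {
        # Clear only the hotkey bit; leave every other setting untouched.
        $new = $flags -band (-bnot $HotkeyActive)
        Set-ItemProperty -Path $path -Name Flags -Value ([string]$new)
        $action = "Flags $flags -> $new"
    }

    [pscustomobject]@{ Feature = $name; Flags = $flags
                       HotkeyEnabled = $enabled; Action = $action }
}

$results | Format-Table -AutoSize

# Non-zero exit when any hotkey is still enabled, for use in compliance checks.
$open = @($results | Where-Object { $_.HotkeyEnabled -and $_.Action -eq 'none' })
if ($open.Count -gt 0) { exit 1 }
```

The settings are per user, so run the check under each account that signs in to the workstation; changed values are picked up at the next sign-in.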

ABB Freelance Security Lock | CVSS 6.6 - OTPulse