Authentication Bypass Vulnerability in ABB Ability Edgenius
ABB disclosed a critical authentication bypass vulnerability, tracked as CVE-2025-10571, affecting ABB Ability Edgenius versions 3.2.0.0 and 3.2.1.1. The flaw allows attackers to bypass authentication using an alternate path or channel, potentially granting unauthorized access to the Edgenius Management Portal. The vulnerability has been assigned a CVSS score of 9.6, indicating a high level of severity, and ABB has issued guidance for users and administrators to review mitigations and apply necessary security measures.
Security advisories from the Canadian Centre for Cyber Security and CVE databases highlight the risk posed by this vulnerability and urge organizations using affected versions to take immediate action. No evidence of remote exploitability has been reported, but the critical nature of the flaw underscores the importance of prompt remediation to protect industrial control systems managed by ABB Ability Edgenius.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Canadian Centre for Cyber Security publishes ABB advisory AV25-776
The Canadian Centre for Cyber Security published control systems advisory AV25-776 covering the ABB security issue. This appears to be a government alert relaying ABB's vulnerability disclosure.
ABB discloses Edgenius authentication bypass vulnerability CVE-2025-10571
ABB disclosed CVE-2025-10571, an authentication bypass flaw in ABB Ability Edgenius affecting versions 3.2.0.0 and 3.2.1.1. The company rated the issue Critical and stated it is not remotely exploitable.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Warns of Critical Authentication Flaws in ABB Edgenius and AWIN Gateways
CISA republished ABB advisories warning of serious vulnerabilities in **ABB Edgenius Management Portal** and **ABB AWIN Gateways**, affecting products used in critical manufacturing environments worldwide. The most severe issue impacts Edgenius Management Portal versions `3.2.0.0` and `3.2.1.1`, where a **CWE-288 authentication bypass** with a **CVSS v3.1 score of 9.6** could let an attacker send specially crafted messages to a system node to install and execute arbitrary code, uninstall applications, and alter application configurations. ABB AWIN GW100 rev.2 and AWIN GW120 devices running firmware versions `2.0-0`, `2.0-1`, `1.2-0`, and `1.2-1` are also affected by multiple flaws, including authentication bypass by capture-replay and missing authentication for critical functions.
May 24, 2026
ABB EIBPORT Reflected Cross-Site Scripting Vulnerability
ABB published a security advisory addressing a reflected cross-site scripting (XSS) vulnerability, identified as CVE-2021-22291, in its EIBPORT V3 KNX and EIBPORT V3 KNX GSM products. The vulnerability is present in versions of these products prior to 3.9.2. This security flaw is due to improper neutralization of input during web page generation, which allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability can be exploited remotely, increasing the risk for organizations using affected ABB EIBPORT devices in their environments. The Common Vulnerability Scoring System (CVSS) rates this issue as high severity, with a score of 8.5, indicating significant potential impact if exploited. The Canadian Centre for Cyber Security issued an alert encouraging users and administrators to review ABB’s advisory and implement the recommended mitigations. ABB’s advisory provides technical details about the vulnerability and affected product versions, emphasizing the need for prompt updates to version 3.9.2 or later. The vulnerability could allow attackers to execute arbitrary scripts in the context of a user’s browser session, potentially leading to information theft, session hijacking, or further compromise of the affected system. No specific incidents of exploitation have been reported, but the public disclosure and remote exploitability heighten the urgency for remediation. ABB’s security team is the source of the vulnerability information, and they have coordinated the disclosure to ensure customers are informed. The advisory does not list specific affected product serial numbers but confirms the vulnerability applies to all EIBPORT V3 KNX and EIBPORT V3 KNX GSM devices running firmware prior to 3.9.2. Organizations are advised to update their devices as soon as possible and to review their web application security controls. The vulnerability highlights the ongoing risks associated with web-based management interfaces in industrial control systems. ABB’s response demonstrates a commitment to transparency and customer protection. The Canadian Centre for Cyber Security’s involvement underscores the importance of this issue for critical infrastructure operators. Timely patching and adherence to vendor guidance are essential to mitigate the risk posed by this XSS vulnerability.
Mar 21, 2026
Authentication Bypass Vulnerabilities in ServiceNow Now Assist and ABB Ability OPTIMAX
Two separate **critical authentication-bypass** issues were disclosed affecting enterprise platforms, each enabling user impersonation without valid credentials. AppOmni researcher **Aaron Costello** reported a ServiceNow flaw in the **Virtual Agent API** and **Now Assist AI Agents** that allows an unauthenticated attacker to impersonate any ServiceNow user (including admins) and execute privileged AI agents remotely. Tracked as **CVE-2025-12420**, the issue stems from a **hardcoded, platform-wide shared secret** used for AI agent channel providers combined with **insecure account-linking logic** that trusts a requester presenting the shared token plus a victim email address, effectively bypassing **MFA/SSO** controls; affected components include *sn_aia* (Now Assist AI Agents) and *sn_va_as_service* (Virtual Agent API), with fixes available in updated versions. ABB issued a critical advisory for **ABB Ability™ OPTIMAX®** energy management systems using **Azure Active Directory SSO**, warning that **CVE-2025-14510** (CVSS v4.0 **9.2**) can allow attackers to bypass authentication and impersonate legitimate users, potentially leading to full administrative control and impacts such as system shutdown, configuration modification, and arbitrary code execution. The vulnerability affects OPTIMAX versions **6.1–6.4** released prior to **Nov 20, 2025**, and ABB recommends upgrading to patched releases (including **v6.4.1-251120** or **v6.3.1-251120** and later) or applying mitigations if immediate patching is not possible.
Mar 21, 2026