CISA Warns of Critical Authentication Flaws in ABB Edgenius and AWIN Gateways
CISA republished ABB advisories warning of serious vulnerabilities in ABB Edgenius Management Portal and ABB AWIN Gateways, affecting products used in critical manufacturing environments worldwide. The most severe issue impacts Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1, where a CWE-288 authentication bypass with a CVSS v3.1 score of 9.6 could let an attacker send specially crafted messages to a system node to install and execute arbitrary code, uninstall applications, and alter application configurations. ABB AWIN GW100 rev.2 and AWIN GW120 devices running firmware versions 2.0-0, 2.0-1, 1.2-0, and 1.2-1 are also affected by multiple flaws, including authentication bypass by capture-replay and missing authentication for critical functions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
ABB discloses multiple vulnerabilities in AWIN Gateways
ABB published an advisory covering multiple vulnerabilities in AWIN GW100 rev.2 and AWIN GW120 devices running affected firmware versions. The issues could allow remote device reboot or access to sensitive system configuration data, and no known public exploitation was reported; Fred Alvarez was credited with reporting the flaws.
ABB discloses critical Edgenius Management Portal authentication bypass
ABB published a PSIRT advisory for a critical authentication bypass vulnerability in Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1. The flaw could let an attacker send crafted messages to install and run arbitrary code, uninstall applications, and modify application configurations; no public exploitation was reported.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Authentication Bypass Vulnerability in ABB Ability Edgenius
ABB disclosed a critical authentication bypass vulnerability, tracked as CVE-2025-10571, affecting ABB Ability Edgenius versions 3.2.0.0 and 3.2.1.1. The flaw allows attackers to bypass authentication using an alternate path or channel, potentially granting unauthorized access to the Edgenius Management Portal. The vulnerability has been assigned a CVSS score of 9.6, indicating a high level of severity, and ABB has issued guidance for users and administrators to review mitigations and apply necessary security measures. Security advisories from the Canadian Centre for Cyber Security and CVE databases highlight the risk posed by this vulnerability and urge organizations using affected versions to take immediate action. No evidence of remote exploitability has been reported, but the critical nature of the flaw underscores the importance of prompt remediation to protect industrial control systems managed by ABB Ability Edgenius.
Mar 21, 2026
Multiple ICS Vulnerabilities Disclosed in November 2025 CISA Advisories
CISA published four new advisories detailing critical vulnerabilities affecting a range of industrial control system (ICS) products from Advantech, Ubia, and ABB. The vulnerabilities include improper input neutralization, path traversal, use of hard-coded credentials, insufficiently protected credentials, and improper validation of input types. Exploitation of these flaws could allow attackers to achieve remote code execution, denial-of-service, unauthorized access to camera feeds, or full remote control of affected devices. The impacted products are Advantech DeviceOn/iEdge (v2.0.2 and prior), Ubia Ubox (v1.1.124), and multiple ABB FLXeon controller models (various versions up to 9.3.5). CISA recommends immediate review of the technical details and implementation of mitigations provided in the advisories. Notably, the Ubia Ubox vulnerability remains uncoordinated with the vendor, increasing risk for users. Organizations using these ICS products should prioritize patching, restrict network exposure, and follow CISA's defensive measures to minimize exploitation risk. The advisories underscore the ongoing threat to critical infrastructure posed by vulnerabilities in widely deployed ICS equipment.
Mar 21, 2026
ABB EIBPORT Reflected Cross-Site Scripting Vulnerability
ABB published a security advisory addressing a reflected cross-site scripting (XSS) vulnerability, identified as CVE-2021-22291, in its EIBPORT V3 KNX and EIBPORT V3 KNX GSM products. The vulnerability is present in versions of these products prior to 3.9.2. This security flaw is due to improper neutralization of input during web page generation, which allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability can be exploited remotely, increasing the risk for organizations using affected ABB EIBPORT devices in their environments. The Common Vulnerability Scoring System (CVSS) rates this issue as high severity, with a score of 8.5, indicating significant potential impact if exploited. The Canadian Centre for Cyber Security issued an alert encouraging users and administrators to review ABB’s advisory and implement the recommended mitigations. ABB’s advisory provides technical details about the vulnerability and affected product versions, emphasizing the need for prompt updates to version 3.9.2 or later. The vulnerability could allow attackers to execute arbitrary scripts in the context of a user’s browser session, potentially leading to information theft, session hijacking, or further compromise of the affected system. No specific incidents of exploitation have been reported, but the public disclosure and remote exploitability heighten the urgency for remediation. ABB’s security team is the source of the vulnerability information, and they have coordinated the disclosure to ensure customers are informed. The advisory does not list specific affected product serial numbers but confirms the vulnerability applies to all EIBPORT V3 KNX and EIBPORT V3 KNX GSM devices running firmware prior to 3.9.2. Organizations are advised to update their devices as soon as possible and to review their web application security controls. The vulnerability highlights the ongoing risks associated with web-based management interfaces in industrial control systems. ABB’s response demonstrates a commitment to transparency and customer protection. The Canadian Centre for Cyber Security’s involvement underscores the importance of this issue for critical infrastructure operators. Timely patching and adherence to vendor guidance are essential to mitigate the risk posed by this XSS vulnerability.
Mar 21, 2026