ICSA-25-133-04
·
Published 2026-05-21
·
View on CISA ICS-CERT ↗
ABB Automation Builder (Update A)
CVSS 7.8
HIGH
Risk Summary
ABB is aware of vulnerabilities in the product versions listed as affected in the following section. An attacker who successfully exploited this vulnerability could overrule the Automation Builder’s user management. Workarounds to close the vulnerabilities are available.
CVEs (2)
Remediations
- Immediate workarounds to close the vulnerability: • CVE-2025-3394: In the project settings, set “Security” to “Integrity check” ABB recommends that customers apply the workarounds at earliest convenience. With the next Automation Builder version 2.8.1, the default for “Security” will be set to “Integrity check”. The release of Automation Builder version 2.8.1 is scheduled for July 2025.
- Immediate workarounds to close the vulnerability: • CVE-2025-3395: In the project settings, set “Security” to “Encryption” ABB recommends that customers apply the workarounds at earliest convenience. With the next Automation Builder version 2.8.1, the default for “Security” will be set to “Integrity check”. The release of Automation Builder version 2.8.1 is scheduled for July 2025.
Affected Vendors
ABB
Affected Products (2)
ABB
·
Automation Builder
<=2.8.0
ABB
·
Automation Builder
2.8.1
Affected Sectors
Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more