← Back to home
ICSA-26-195-01  ·  Published 2026-07-14  ·  View on CISA ICS-CERT ↗

ABB Advant Master Online Builder

CVSS 4.4 MEDIUM

Risk Summary

ABB became aware of vulnerability in the products versions listed as affected in the advisory, where an incorrect version of Online Builder (ONB) was included in the media. An update is available that resolves the vulnerability, see details in Recommended immediate actions.

CVEs (1)

Remediations

  • ABB has investigated the vulnerability and remediated it in the newly released versions. The vulnerability has been resolved in the product versions listed as fixed in the advisory. - Version 6.1.1-2 does not contain this vulnerability and therefore no update is required. The vulnerability was again introduced in 6.1.1-3 when an older ONB version was included in the release media. - Version 6.1.1-4 do not contain this vulnerability but present version 6.1.1-3 by 800xA System Installer and System Configuration Console (SCC). Version 6.1.1-4 is therefore withdrawn. - Version 6.2.0-2 do not contain this vulnerability but present version 6.2.0-1 by 800xA System Installer and System Configuration Console (SCC). Version 6.2.0-2 is therefore withdrawn. ABB recommends that customers apply the update at their earliest convenience. - Control Builder A: It is recommended to update Control Builder A to version 1.4/5 or later. - 800xA for Advant Master: - Versions 6.0.3-1 and earlier, - Versions 6.1.1-1 and earlier, - Versions 6.1.1-2, 6.1.1-3, and 6.1.1-4 should be updated to version 6.1.1-5 or later. - 800xA for Advant Master: - Versions 6.2.0-1 and 6.2.0-2 should be updated to version 6.2.0-3 or later.
  • Since it is required that the attacker has access to the system, it is important that all users that have access to the system are managed as recommended by ABB guidelines. - Allow only authorized users to log on to the system and enforce strong passwords that are changed regularly. - Restrict temporary connection of portable computers, USB memory devices and other removable data carriers. Computers that can be physically accessed by regular users should have ports for removable data carriers disabled or at least managed to only allow intended device types. For more information on recommended practices, see [1].
  • The recommendation is to upgrade to a version where the vulnerability is corrected. If an upgrade Is not possible and a workaround is needed, contact ABB Support.

Affected Vendors

ABB

Affected Products (11)

ABB · Control Builder A <=1.4/4
ABB · Control Builder A 1.4/5
ABB · 800xA for Advant Master <=6.0.3-1
ABB · 800xA for Advant Master <=6.1.1-1
ABB · 800xA for Advant Master 6.1.1-3
ABB · 800xA for Advant Master 6.1.1-5
ABB · 800xA for Advant Master 6.2.0-1
ABB · 800xA for Advant Master 6.2.0-3
ABB · 800xA for Advant Master 6.1.1-2
ABB · 800xA for Advant Master 6.1.1-4
ABB · 800xA for Advant Master 6.2.0-2

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more