{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/abb/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2025-10571"}],"_cs_exploited":false,"_cs_products":["Edgenius Management Portal 3.2.0.0","Edgenius Management Portal 3.2.1.1","Ability Edgenius 3.2.2.0"],"_cs_severities":["critical"],"_cs_tags":["abb","edgenius","authentication bypass","CVE-2025-10571","critical infrastructure"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1 are vulnerable to an authentication bypass (CVE-2025-10571). An attacker who has gained network access to a vulnerable Edgenius deployment can send a specially crafted message to the system node, bypassing authentication controls. Successful exploitation allows an attacker to install and run arbitrary code, uninstall applications, and modify the configuration of installed applications. ABB reported this vulnerability to CISA. ABB has released version 3.2.2.0 to address the vulnerability. As a mitigation, ABB advises customers to disable the Edgenius Management Portal until the upgrade can be applied.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains access to the network where the Edgenius Management Portal is deployed.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a vulnerable ABB Edgenius Management Portal instance (versions 3.2.0.0 or 3.2.1.1).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious message designed to exploit the authentication bypass vulnerability (CVE-2025-10571).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the specially crafted message to the system node of the Edgenius Management Portal.\u003c/li\u003e\n\u003cli\u003eThe vulnerable Edgenius Management Portal improperly processes the crafted message, bypassing authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the bypassed authentication to install and execute arbitrary code on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker uninstalls applications, further compromising the system\u0026rsquo;s functionality.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies the configuration of installed applications to maintain persistence and control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to gain full control over the ABB Edgenius Management Portal. The attacker can install malicious software, uninstall critical applications, and modify configurations, leading to significant disruption of industrial processes, data theft, or further lateral movement within the OT network. Affected sectors include critical manufacturing and information technology, with deployments worldwide.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to ABB Ability Edgenius version 3.2.2.0 to remediate CVE-2025-10571, as this version contains the vendor fix.\u003c/li\u003e\n\u003cli\u003eUntil the upgrade is applied, disable the Edgenius Management Portal to mitigate the vulnerability as recommended by ABB.\u003c/li\u003e\n\u003cli\u003eMinimize network exposure for all control system devices by ensuring they are not accessible from the internet, as suggested by CISA.\u003c/li\u003e\n\u003cli\u003eLocate control system networks and remote devices behind firewalls, isolating them from business networks per CISA recommendations.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect ABB Edgenius Management Portal Exploitation Attempt\u0026rdquo; to identify potential exploitation attempts based on network traffic patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T12:00:00Z","date_published":"2026-04-30T12:00:00Z","id":"/briefs/2026-04-abb-edgenius-auth-bypass/","summary":"An authentication bypass vulnerability in ABB Edgenius Management Portal versions 3.2.0.0 and 3.2.1.1 allows attackers to execute arbitrary code and modify application configurations by sending a specially crafted message to the system node.","title":"ABB Edgenius Management Portal Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-abb-edgenius-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Abb","version":"https://jsonfeed.org/version/1.1"}