---
title: "ABB AC500 V2 Vulnerability Exposes Modbus Data: CVE-2025-7745 Explained"
short_title: "ABB AC500 V2 flaw leaks Modbus data fragments"
description: "ABB AC500 V2 PLCs affected by CVE-2025-7745, a medium-severity buffer over-read vulnerability. Learn risks, fixes, and mitigation steps for industrial systems."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, plc, modbus, cve-2025-7745, industrial-security]
score: 0.65
cve_ids: [CVE-2025-7745]
---
## TL;DR
ABB has disclosed a medium-severity vulnerability (CVE-2025-7745) in its AC500 V2 PLCs, allowing attackers to access fragments of previously sent Modbus telegrams. The flaw, classified as a buffer over-read, affects versions ≤2.5.2 and has been patched in firmware version 2.5.3. Industrial sectors like energy, manufacturing, and water treatment are at risk if mitigation steps are not implemented.
### Introduction
Industrial control systems (ICS) are the backbone of critical infrastructure, and vulnerabilities in these systems can have far-reaching consequences. ABB, a global leader in industrial automation, has identified a security flaw in its AC500 V2 programmable logic controllers (PLCs). The vulnerability, tracked as CVE-2025-7745, could allow attackers to access sensitive data fragments from Modbus communications. This article breaks down the technical details, impact, and mitigation strategies for this vulnerability.
### Key Points
- Vulnerability: CVE-2025-7745 is a buffer over-read flaw in ABB AC500 V2 PLCs, enabling attackers to access fragments of previous Modbus telegrams.
- Affected Versions: AC500 V2 firmware versions ≤2.5.2 are vulnerable. The issue is resolved in version 2.5.3.
- Severity: Rated 5.8 (Medium) under CVSS v3.1, with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N.
- Impacted Sectors: Critical manufacturing, energy, and water/wastewater systems worldwide.
- Mitigation: ABB recommends upgrading to the latest firmware and avoiding the use of unsupported Modbus function codes.
### Technical Details
#### Vulnerability Overview
CVE-2025-7745 stems from a buffer over-read issue in the Modbus server of ABB AC500 V2 PLCs. When an attacker sends unsupported function codes to the Modbus server, the system may respond with invalid data, including fragments of previous Modbus telegrams. This could expose sensitive information, such as configuration details or operational data, to unauthorized parties.
#### Modbus Protocol Risks
Modbus is a widely used communication protocol in industrial environments, but its simplicity and lack of built-in security features make it a common target for attackers. In this case, the vulnerability highlights the risks of:
- Unsupported function codes: Sending invalid requests can trigger unexpected behavior.
- Data leakage: Fragments of previous communications may be exposed, compromising confidentiality.
#### CWE Classification
The vulnerability is classified under CWE-126: Buffer Over-read, a common issue in software where data is read beyond the intended buffer boundary.
### Impact Assessment
#### Potential Risks
While CVE-2025-7745 is rated as Medium severity, its implications for industrial environments are significant:
1. Data Exposure: Attackers could access fragments of sensitive Modbus communications, potentially revealing operational details or configuration data.
2. Operational Disruption: Invalid responses to unsupported function codes may cause Modbus clients to malfunction, leading to downtime or erratic behavior.
3. Targeted Attacks: Threat actors could exploit this flaw to gather intelligence for more sophisticated attacks on critical infrastructure.
#### Affected Systems
The vulnerability impacts ABB AC500 V2 PLCs deployed in:
- Critical manufacturing facilities
- Energy sector operations
- Water and wastewater treatment plants
These systems are deployed worldwide, making the vulnerability a global concern.
### Mitigation Steps
ABB has released a firmware update to address CVE-2025-7745. Organizations using affected PLCs should take the following steps:
#### Immediate Actions
1. Upgrade Firmware: Install AC500 V2 firmware version 2.5.3 or later to resolve the vulnerability.
2. Avoid Sensitive Data: Do not use the Modbus server to transmit sensitive information, as fragments may remain accessible even after the initial transmission.
3. Use Supported Function Codes: Restrict Modbus communications to supported function codes to prevent invalid responses.
#### Long-Term Recommendations
- Network Segmentation: Isolate control system networks from business networks using firewalls.
- Remote Access Controls: Use Virtual Private Networks (VPNs) for remote access, ensuring they are updated to the latest version.
- Monitoring and Detection: Implement intrusion detection systems (IDS) to monitor for suspicious activity targeting Modbus communications.
- Regular Audits: Conduct periodic security audits to identify and address vulnerabilities in industrial control systems.
For additional guidance, refer to CISA’s ICS Cybersecurity Best Practices and Defense-in-Depth Strategies.
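As an added example (not ABB's code and not part of the advisory), the following Python check illustrates the monitoring point above against the behaviour described in the Vulnerability Overview: run over captured Modbus/TCP request/response pairs, it flags requests that use function codes outside an assumed allow-list and verifies that the server's reply to such a request is a well-formed exception PDU rather than a longer payload. The allow-list and the sample frames are constructed assumptions.

```python
import struct

# Function codes the monitored PLC application is expected to serve
# (assumption: tailor this allow-list to what your AC500 program exposes).
SUPPORTED_FUNCTION_CODES = {1, 2, 3, 4, 5, 6, 15, 16, 23}

def build_frame(tid, uid, fc, data):
    """Assemble a Modbus/TCP frame: MBAP header + function code + data."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, uid) + bytes([fc]) + data

def parse_frame(frame):
    """Split a Modbus/TCP frame into (transaction_id, unit_id, function_code, data)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("MBAP length/protocol field does not match frame")
    return tid, uid, frame[7], frame[8:]

def audit(pairs):
    """Check captured (request, response) frame pairs; return (tid, finding) tuples."""
    findings = []
    for req, resp in pairs:
        rtid, _, rfc, _ = parse_frame(req)
        stid, _, sfc, sdata = parse_frame(resp)
        if stid != rtid:
            findings.append((rtid, "response transaction id does not match request"))
            continue
        if rfc in SUPPORTED_FUNCTION_CODES:
            continue
        findings.append((rtid, f"unsupported function code 0x{rfc:02x} requested"))
        # A conforming server rejects an unknown function with an exception PDU:
        # the request code with bit 7 set, followed by exactly one exception-code
        # byte (0x01 = Illegal Function). Any extra bytes are the symptom the
        # advisory describes: the reply carrying data it should not contain.
        if sfc == (rfc | 0x80) and len(sdata) == 1:
            continue
        findings.append((rtid, f"malformed reply to unsupported code: fc=0x{sfc:02x}, {len(sdata)} data byte(s)"))
    return findings

# Constructed sample capture: a normal register read, an unknown code that is
# rejected correctly, and an unknown code answered with four stray bytes.
SAMPLE_PAIRS = [
    (build_frame(1, 1, 3, b"\x00\x00\x00\x02"), build_frame(1, 1, 3, b"\x04\x12\x34\x56\x78")),
    (build_frame(2, 1, 0x41, b""), build_frame(2, 1, 0xC1, b"\x01")),
    (build_frame(3, 1, 0x42, b""), build_frame(3, 1, 0xC2, b"\x01\x12\x34\x56\x78")),
]
```

Feeding `audit()` pairs reassembled from a packet capture turns the second finding type into a direct indicator that a device is still running the unpatched firmware behaviour.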
## Conclusion
CVE-2025-7745 underscores the importance of securing industrial control systems against seemingly minor vulnerabilities that can have major consequences. While the flaw is rated as Medium severity, its potential impact on critical infrastructure sectors like energy and manufacturing cannot be ignored. Organizations using ABB AC500 V2 PLCs should upgrade to the latest firmware, implement network security best practices, and avoid transmitting sensitive data via Modbus.
As industrial systems become increasingly connected, proactive cybersecurity measures are essential to prevent exploitation and ensure the reliability of critical operations.