ABB AC500 V3 PLCs Hit by Critical Vulnerabilities: Patch Now

---
title: "ABB AC500 V3 PLCs Hit by Critical Vulnerabilities: Patch Now"
short_title: "Critical flaws in ABB AC500 V3 PLCs demand urgent updates"
description: "ABB AC500 V3 PLCs face three critical vulnerabilities (CVE-2025-2595, CVE-2025-41659, CVE-2025-41691). Learn how to mitigate risks and secure industrial systems."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, plc, industrial-security, cve-2025, dos]
score: 0.85
cve_ids: [CVE-2025-2595, CVE-2025-41659, CVE-2025-41691]
---

## TL;DR
ABB has disclosed three critical vulnerabilities in its AC500 V3 PLCs, affecting global industrial operations. Exploitation could lead to unauthorized access, certificate manipulation, or denial-of-service (DoS) attacks. ABB has released firmware version 3.9.0 to patch these flaws—users must update immediately to secure their systems.


## Main Content

### Introduction
Industrial control systems (ICS) are the backbone of critical infrastructure, powering everything from energy grids to water treatment facilities. However, their increasing connectivity exposes them to cyber threats. ABB, a global leader in industrial automation, has identified three severe vulnerabilities in its AC500 V3 PLCs, which could allow attackers to bypass security controls, manipulate sensitive data, or disrupt operations. This advisory details the flaws, their impact, and actionable mitigation steps.


### Key Points
- Three critical vulnerabilities (CVE-2025-2595, CVE-2025-41659, CVE-2025-41691) affect ABB AC500 V3 PLCs running firmware versions prior to 3.9.0.
- Exploitation risks: Unauthorized access to visualization files, certificate and key manipulation, and DoS attacks.
- Affected sectors: Chemical, critical manufacturing, energy, and water/wastewater industries.
- Global impact: Deployed worldwide, these vulnerabilities pose a significant risk to industrial operations.
- Patch available: ABB has released firmware version 3.9.0 to address these issues. Users must update immediately.


### Technical Details

#### 1. CVE-2025-2595: Forced Browsing Vulnerability
- CVSS Score: 5.3 (Medium)
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Description: An unauthenticated remote attacker can bypass the built-in user management system and access visualization files via forced browsing. While these files contain only static data (e.g., text lists, icons, images), their exposure could reveal sensitive operational details.
- CWE: CWE-425: Direct Request ('Forced Browsing')

#### 2. CVE-2025-41659: Incorrect Permission Assignment
- CVSS Score: 8.3 (High)
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
- Description: Low-privileged remote attackers can access the PKI folder via the CODESYS protocol, enabling them to read and write certificates and keys. This vulnerability affects systems using the CmpOpenSSL component and could lead to unauthorized trust in malicious certificates.
- CWE: CWE-732: Incorrect Permission Assignment for Critical Resource

#### 3. CVE-2025-41691: NULL Pointer Dereference (DoS)
- CVSS Score: 7.5 (High)
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Description: An unauthenticated attacker can trigger a NULL pointer dereference in the CmpDevice component by sending specially crafted communication requests. This flaw can cause a denial-of-service (DoS) condition, disrupting industrial processes.
- CWE: CWE-476: NULL Pointer Dereference


### Impact Assessment
The vulnerabilities in ABB AC500 V3 PLCs pose severe risks to industrial operations:

  1. Operational Disruption: Exploitation of CVE-2025-41691 could lead to DoS attacks, halting critical processes in energy, manufacturing, and water treatment facilities.
  2. Data Exposure: CVE-2025-2595 allows attackers to access visualization files, potentially revealing sensitive operational data.
  3. Security Compromise: CVE-2025-41659 enables attackers to manipulate certificates and keys, undermining encryption and authentication mechanisms.
  4. Global Reach: With ABB PLCs deployed worldwide, these vulnerabilities could impact multiple critical infrastructure sectors, including chemical, energy, and manufacturing.

### Mitigation Steps
ABB has released firmware version 3.9.0 to patch these vulnerabilities. Users must take the following steps:

1. Apply the Update:
   - Download Automation Builder 2.9.0 from ABB’s official download site.
   - Install firmware version 3.9.0 on all affected AC500 V3 PLCs.

2. General Security Recommendations:
   - Isolate ICS networks: Ensure control systems are not accessible from the internet and are separated from business networks using firewalls.
   - Restrict access: Limit network exposure for all control system devices.
   - Use secure remote access: Employ Virtual Private Networks (VPNs) for remote access, ensuring they are updated to the latest version.
   - Monitor for threats: Implement intrusion detection systems to identify and respond to suspicious activity.

3. No Workarounds Available:
   - ABB has confirmed that no workarounds exist for these vulnerabilities. The only solution is to apply the firmware update.


### Affected Systems
- Product: ABB AC500 V3 PLCs
- Affected Versions: All versions prior to 3.9.0
- Fixed Version: 3.9.0 (available via Automation Builder 2.9.0)
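To find which controllers still need the update, an asset inventory can be compared against the fixed version. This is an added example, not ABB tooling: the CSV layout, host names and the dotted-numeric firmware format are assumptions, and the sample rows are constructed. Versions are compared numerically because a plain string comparison would rank `3.10.0` below `3.9.0`.

```python
import csv
import io

FIXED = (3, 9, 0)          # fixed firmware version stated in the article
PRODUCT = "AC500 V3"       # product named in the article

# Constructed sample inventory; columns and hosts are illustrative assumptions.
SAMPLE_INVENTORY = """\
host,model,firmware
plc-line1,AC500 V3,3.8.1
plc-line2,AC500 V3,3.10.0
plc-pump3,AC500 V3,3.9.0
plc-mix4,AC500 V3,3.1
plc-test5,AC500 V3,unknown
plc-old6,AC500 V2,2.8.0
"""

def parse_version(text):
    """Return a 3-tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))   # "3.1" -> (3, 1, 0)

def triage(inventory_csv, fixed=FIXED):
    """Bucket AC500 V3 hosts into vulnerable / patched / review."""
    result = {"vulnerable": [], "patched": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip() != PRODUCT:
            continue                              # out of scope for this advisory
        version = parse_version(row["firmware"])
        if version is None:
            bucket = "review"                     # unparseable: check by hand
        elif version < fixed:
            bucket = "vulnerable"
        else:
            bucket = "patched"
        result[bucket].append(row["host"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```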


## Conclusion
The discovery of these vulnerabilities in ABB AC500 V3 PLCs underscores the growing cyber threats to industrial control systems. With critical infrastructure sectors at risk, organizations must act swiftly to apply the firmware update and implement robust security measures. Failure to address these flaws could result in operational disruptions, data breaches, or compromised security.

Stay vigilant, prioritize updates, and adhere to best practices for ICS security to safeguard against evolving cyber threats.

