BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·8d ago

ABB AC500 V2

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-146-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong ABB became aware of vulnerabilities in AC500 V2 listed as affected in the advisory. An attacker who successfully exploited this vulnerability could access fragments of Modbus telegrams that have been sent earlier by that PLC /strong /p p The following versions of ABB AC500 V2 are affected: /p ul li AC500 V2 lt;=2.5.2, 2.5.3 /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 5.8 /td td ABB /td td ABB AC500 V2 /td td Buffer Over-read /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing, Energy, Water and Wastewater /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-7745 /a /h3 div class= csaf-accordion-content p Sending unsupported function codes to the AC500 V2 Modbus server might result in invalid responses. Fragments of previous responses might be added to the end of the response. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-7745 View CVE Details /a /p hr h4 Affected Products /h4 h5 ABB AC500 V2 /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br ABB /div div class= ics-version strong Product Version: /strong br ABB AC500 V2 lt;=2.5.2 /div div class= ics-status strong Product Status: /strong br fixed, known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Vendor fix /strong br The vulnerabilities have been resolved in the following product versions: AC500 V2 firmware version 2.5.3 (released in 2016) and later /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/126.html CWE-126 Buffer Over-read /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS Version /th th role= columnheader Base Score /th th role= columnheader Base Severity /th th role= columnheader Vector String /th /tr /thead tbody tr td 3.1 /td td 5.8 /td td MEDIUM /td td a href= https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N /a /td /tr /tbody /table /div /div /div /div hr h2 Acknowledgments /h2 ul li Reid Wightman of Dragos. Inc reported these vulnerabilities to Schneider Ele

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-02

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin