Which versions of ABB Ability Edgenius are affected by this vulnerability?

Versions 3.2.0.0 and 3.2.1.1 of ABB Ability Edgenius are affected by CVE-2025-10571.

How can organizations mitigate the risks associated with CVE-2025-10571?

Organizations should upgrade to ABB Ability Edgenius version 3.2.2.0 immediately and implement strict network segmentation to limit access to the management portal.

Critical Vulnerability in ABB Ability Edgenius: Immediate Action Required

A newly discovered authentication bypass in ABB Ability Edgenius poses significant risks to industrial control systems. Learn how to protect your infrastructure.

Published: April 30, 2026

Share this on:

Executive Summary

In November 2025, a critical authentication bypass vulnerability (CVE-2025-10571) was identified in ABB Ability Edgenius versions 3.2.0.0 and 3.2.1.1. This flaw allows unauthenticated attackers on adjacent networks to send specially crafted messages to the system node, enabling them to install and run arbitrary code, uninstall applications, and modify configurations of installed applications. The vulnerability has a CVSS v3.1 base score of 9.6, indicating its critical severity. ABB has released version 3.2.2.0 to address this issue and recommends immediate upgrading. (library.e.abb.com)

The discovery of this vulnerability underscores the increasing risks associated with edge computing platforms in industrial environments. As these systems often bridge IT and operational technology (OT) networks, their compromise can lead to significant operational disruptions and safety hazards. Organizations must prioritize securing such platforms to prevent unauthorized access and potential exploitation.

Why This Matters Now

The exploitation of CVE-2025-10571 could lead to unauthorized control over critical industrial processes, posing significant operational and safety risks. Immediate action is required to mitigate potential threats to infrastructure and ensure system integrity.

Attack Path Analysis

An attacker exploited an authentication bypass vulnerability in ABB Ability Edgenius Management Portal, gaining unauthorized access to the system. This access allowed the attacker to escalate privileges, install and execute arbitrary code, and modify configurations. The attacker then moved laterally within the network, compromising additional systems. They established command and control channels to maintain persistent access. Sensitive data was exfiltrated from the compromised systems. Finally, the attacker disrupted operations by uninstalling applications and altering system configurations.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

Medium

Command & Control

Medium

Exfiltration

Medium

Impact

High

Initial Compromise

Description

Exploited an authentication bypass vulnerability in ABB Ability Edgenius Management Portal to gain unauthorized access.

Confidence:

High

Related CVEs

Included CVEs with severity scores, affected products, exploit status, and reference links.

CVE-2025-10571
CVSS 9.6
An authentication bypass vulnerability in ABB Ability Edgenius versions 3.2.0.0 through 3.2.1.1 allows unauthenticated attackers to install and run arbitrary code, uninstall applications, and modify configurations.
Affected Products:
ABB Ability Edgenius – 3.2.0.0, 3.2.1.1
Exploit Status:
no public exploit
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-10571 https://psirt.abb.com/csaf/2025/7paa022088.json

MITRE ATT&CK® Techniques

Defense Evasion

T1556

Modify Authentication Process

Credential Access

T1212

Exploitation for Credential Access

Defense Evasion

T1078

Valid Accounts

Privilege Escalation

T1548.002

Bypass User Account Control

Defense Evasion

T1211

Exploitation for Defense Evasion

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

NIST SP 800-53 – Access Enforcement

Control ID: AC-3

The vulnerability allowed unauthorized access to system functions, violating access enforcement policies.

PCI DSS 4.0 – Strong Authentication for Users

Control ID: 8.2.1

The authentication bypass vulnerability compromised the requirement for strong user authentication mechanisms.

NYDFS 23 NYCRR 500 – Access Privileges

Control ID: 500.07

Unauthorized access due to the vulnerability indicates inadequate control over access privileges.

DORA – ICT Risk Management Framework

Control ID: Article 6

The incident highlights deficiencies in the ICT risk management framework concerning authentication controls.

CISA ZTMM 2.0 – Identity and Access Management

Control ID: 3.1

The authentication bypass indicates a failure in implementing robust identity and access management controls.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Industrial Automation

Critical authentication bypass vulnerability in ABB Edgenius Management Portal enables arbitrary code execution, directly threatening industrial control systems and manufacturing operations worldwide.

Utilities

Power grid and utility infrastructure using ABB edge management systems face severe compromise risk through unauthenticated access enabling configuration modification and service disruption.

Oil/Energy/Solar/Greentech

Energy sector's critical infrastructure relies heavily on ABB industrial control systems, making authentication bypass vulnerabilities potentially catastrophic for operational technology environments.

Computer/Network Security

Security professionals must prioritize zero trust segmentation and east-west traffic monitoring to detect lateral movement exploiting industrial control system vulnerabilities like CVE-2025-10571.

Sources

ABB Edgenius Management Portalhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-120-03
Verified

ABB Cybersecurity Advisory 7PAA022088https://psirt.abb.com/csaf/2025/7paa022088.json

Verified

NVD - CVE-2025-10571https://nvd.nist.gov/vuln/detail/CVE-2025-10571

Verified

Frequently Asked Questions

CVE-2025-10571 is a critical authentication bypass vulnerability in ABB Ability Edgenius versions 3.2.0.0 and 3.2.1.1, allowing unauthenticated attackers to execute arbitrary code and modify system configurations.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware controls.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The attacker's initial unauthorized access may have been constrained by identity-aware controls, reducing the likelihood of exploiting authentication vulnerabilities.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The attacker's ability to escalate privileges could have been limited by enforcing least-privilege access controls, reducing the scope of administrative access.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The attacker's lateral movement within the network could have been constrained, reducing the risk of compromising additional systems.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The attacker's ability to establish command and control channels may have been limited, reducing the risk of persistent unauthorized access.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The attacker's data exfiltration efforts could have been constrained, reducing the risk of sensitive data loss.

Impact (Mitigations)

The attacker's ability to disrupt operations may have been limited, reducing the overall impact on system functionality.

Impact at a Glance

Affected Business Functions

Industrial Control Systems Management
Application Deployment
System Configuration

Operational Disruption

Estimated downtime: 3 days

Financial Impact

Estimated loss: $50,000

Data Exposure

Potential exposure of system configurations and application data.

Recommended Actions

• Implement Zero Trust Segmentation to enforce least privilege access and prevent unauthorized lateral movement.
• Deploy East-West Traffic Security controls to monitor and restrict internal network communications.
• Utilize Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration.
• Establish Multicloud Visibility & Control to detect and respond to anomalous activities across cloud environments.
• Apply Inline IPS (Suricata) to identify and block known exploit patterns and malicious payloads.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Critical Vulnerability in ABB Ability Edgenius: Immediate Action Required

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

Related CVEs

CVE-2025-10571

Affected Products:

Exploit Status:

References:

MITRE ATT&CK® Techniques

Modify Authentication Process

Exploitation for Credential Access

Valid Accounts

Bypass User Account Control

Exploitation for Defense Evasion

Potential Compliance Exposure

NIST SP 800-53 – Access Enforcement

PCI DSS 4.0 – Strong Authentication for Users

NYDFS 23 NYCRR 500 – Access Privileges

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Identity and Access Management

Sector Implications

Industrial Automation

Utilities

Oil/Energy/Solar/Greentech

Computer/Network Security

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads