Executive Summary
In April 2026, ABB disclosed multiple vulnerabilities in its Ability Symphony Plus Engineering software, primarily due to outdated PostgreSQL components. These vulnerabilities, including CVE-2023-5869, CVE-2023-39417, CVE-2024-7348, and CVE-2024-0985, could allow attackers with network access to execute arbitrary code, potentially compromising entire systems. Affected versions range from 2.2 to 2.4 SP2. ABB has released updates to address these issues and recommends immediate application to mitigate risks.
This incident underscores the critical importance of timely software updates and robust network security practices in industrial control systems. Organizations must remain vigilant against emerging threats targeting outdated components to ensure operational integrity and security.
Why This Matters Now
The disclosure of these vulnerabilities highlights the ongoing risks associated with outdated software components in critical infrastructure. Immediate action is required to prevent potential exploitation, which could lead to significant operational disruptions and security breaches.
Attack Path Analysis
An attacker gains access to the S+ Client Server network, exploits PostgreSQL vulnerabilities to execute arbitrary code, escalates privileges to gain administrative control, moves laterally to other systems, establishes command and control channels, exfiltrates sensitive data, and causes operational disruptions.
Kill Chain Progression
Initial Compromise
Description
An attacker gains unauthorized access to the S+ Client Server network, potentially through misconfigured firewalls or compromised local machines.
Related CVEs
CVE-2023-0228
CVSS 8.8. An improper authentication vulnerability in ABB Symphony Plus S+ Operations allows an unauthorized client to connect to the S+ Operations servers, potentially leading to data corruption, unauthorized information disclosure, unexpected equipment operation, or denial-of-service conditions.
Affected Products:
ABB Symphony Plus S+ Operations – 2.x through 2.1 SP2, 2.2, 3.x through 3.3 SP1, 3.3 SP2
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Server Software Component: SQL Stored Procedures
Exploitation for Privilege Escalation
Endpoint Denial of Service
Application Layer Protocol: Web Protocols
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Asset Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Oil/Energy/Solar/Greentech
Critical PostgreSQL vulnerabilities in ABB Symphony Plus Engineering systems enable arbitrary code execution, compromising industrial control systems managing energy generation and distribution infrastructure.
Chemicals
High-severity SQL injection and privilege escalation vulnerabilities in ABB industrial control systems threaten chemical process safety and operational integrity across manufacturing facilities.
Utilities
Water and wastewater treatment facilities using ABB Symphony Plus face remote code execution risks through PostgreSQL vulnerabilities, potentially disrupting critical municipal services.
Industrial Automation
Manufacturing automation systems utilizing ABB Symphony Plus Engineering are vulnerable to TOCTOU race conditions and integer overflow attacks enabling complete system compromise.
Sources
- ABB Ability Symphony Plus Engineering: https://www.cisa.gov/news-events/ics-advisories/icsa-26-120-06 (Verified)
- ABB Ability Symphony Plus: https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-03 (Verified)
- NVD - CVE-2023-0228: https://nvd.nist.gov/vuln/detail/CVE-2023-0228 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Implementing Aviatrix Zero Trust CNSF could significantly reduce the attacker's ability to move laterally, escalate privileges, and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access may be constrained by enforcing strict identity-based access controls and micro-segmentation, reducing unauthorized entry points.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges could be limited by enforcing least-privilege access and segmenting workloads based on identity and context.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement would likely be constrained by enforcing east-west traffic controls and segmenting workloads to limit unauthorized communication.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels may be limited by monitoring and controlling outbound communications across multicloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts would likely be constrained by enforcing strict egress policies and monitoring outbound traffic.
The attacker's ability to cause widespread operational disruptions may be limited by reducing the blast radius through strict segmentation and access controls.
Impact at a Glance
Affected Business Functions
- Process Control
- System Monitoring
- Data Acquisition
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of operational data and system configurations.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and prevent lateral movement.
- Deploy Inline IPS (Suricata) to detect and block known exploit patterns targeting PostgreSQL vulnerabilities.
- Utilize Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Enhance Threat Detection & Anomaly Response capabilities to identify and respond to suspicious activities promptly.
- Regularly update and patch systems to mitigate known vulnerabilities, such as those in PostgreSQL.