How can this vulnerability be mitigated?

ABB recommends toggling the mode switch from 'Door-Open' to 'Light' mode, waiting one second, switching back to 'Door-Open' mode, and then performing a power reset to recalibrate the system and correct the misconfiguration.

Critical Vulnerability in ABB's Busch-Welcome 2 Wire Door Opener Actuator (CVE-2025-7705)

Q: Which devices are affected by this vulnerability?

All versions of ABB's Switch Actuator 4 DU (model 83330) and Switch Actuator, door/light 4 DU (model 83330-500) are affected.

Discover the details of CVE-2025-7705, a vulnerability in ABB's door opener actuators that could allow unauthorized physical access due to default compatibility mode settings.

Published: May 29, 2026

Share this on:

Executive Summary

In July 2025, ABB disclosed a vulnerability (CVE-2025-7705) in its Busch-Welcome 2 Wire Door Opener Actuator, specifically affecting all versions of the Switch Actuator 4 DU (model 83330) and Switch Actuator, door/light 4 DU (model 83330-500). The issue arises from the devices operating in compatibility mode by default, which could allow an attacker with physical access to bypass authentication mechanisms and gain unauthorized entry to buildings where these devices are installed. The vulnerability has been assigned a CVSS v3.1 base score of 6.8, indicating medium severity. (nvd.nist.gov)

This incident underscores the critical importance of securing physical access control systems, especially in commercial facilities. As IoT devices become increasingly integrated into building management, ensuring their security configurations are properly set and regularly updated is paramount to prevent unauthorized access and potential security breaches.

Why This Matters Now

With the proliferation of IoT devices in critical infrastructure, vulnerabilities like CVE-2025-7705 highlight the urgent need for robust security measures to prevent unauthorized physical access and potential exploitation.

Attack Path Analysis

An attacker exploits the default compatibility mode in ABB Busch-Welcome 2 Wire Door Opener Actuator to gain unauthorized physical access to a building. No privilege escalation is required as the initial compromise provides direct access. The attacker moves laterally within the building's network to identify and access other connected systems. They establish command and control by deploying tools to maintain access and control over compromised systems. Sensitive data is exfiltrated from internal systems to external servers. The attack culminates in significant impact, including potential data breaches and operational disruptions.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

Mediuminferred

Command & Control

Mediuminferred

Exfiltration

Mediuminferred

Impact

Mediuminferred

Initial Compromise

Description

Exploitation of default compatibility mode in ABB Busch-Welcome 2 Wire Door Opener Actuator allows unauthorized physical access.

Confidence:

High

Related CVEs

Included CVEs with severity scores, affected products, exploit status, and reference links.

CVE-2025-7705
CVSS 6.8
Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330 and Switch actuator, door/light 4 DU-83330-500 allows an attacker to gain unauthorized physical access to buildings where the product is installed.
Affected Products:
ABB Switch Actuator 4 DU-83330 – All Versions
ABB Switch actuator, door/light 4 DU-83330-500 – All Versions
Exploit Status:
no public exploit
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-7705 https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-04

MITRE ATT&CK® Techniques

Defense Evasion

T1556

Modify Authentication Process

Defense Evasion

T1078

Valid Accounts

Privilege Escalation

T1548

Abuse Elevation Control Mechanism

Credential Access

T1552

Unsecured Credentials

Defense Evasion

T1562

Impair Defenses

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

NIST SP 800-53 – Access Enforcement

Control ID: AC-3

The vulnerability allows unauthorized physical access, indicating a failure in enforcing access controls.

PCI DSS 4.0 – Limit Access to System Components and Cardholder Data

Control ID: 7.1

The authentication bypass could lead to unauthorized access to systems handling sensitive data, violating access limitation requirements.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The incident suggests deficiencies in the cybersecurity policy regarding access control and system configuration.

DORA – ICT Risk Management Framework

Control ID: Article 5

The presence of active debug code indicates inadequate ICT risk management practices.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The vulnerability exposes weaknesses in cybersecurity risk management measures required by the directive.

CISA ZTMM 2.0 – Identity

Control ID: Pillar 1

The authentication bypass vulnerability undermines identity verification processes essential to zero trust principles.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Commercial Real Estate

Physical access control systems vulnerable to authentication bypass, enabling unauthorized building entry through compromised ABB door actuators in office complexes.

Government Administration

Critical infrastructure facilities face physical security breaches via IoT door control vulnerabilities, requiring immediate network segmentation and access monitoring.

Health Care / Life Sciences

Hospital and medical facility door systems susceptible to unauthorized access, violating HIPAA compliance requirements and patient safety protocols.

Higher Education/Acadamia

Campus building security compromised through vulnerable door actuators, exposing student facilities to physical intrusion and safety risks.

Sources

ABB Busch-Welcome 2 Wire Door Opener Actuatorhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-148-04
Verified

CVE-2025-7705 Detailhttps://nvd.nist.gov/vuln/detail/CVE-2025-7705

Verified

Frequently Asked Questions

CVE-2025-7705 is a vulnerability in ABB's Busch-Welcome 2 Wire Door Opener Actuator that allows authentication bypass due to the device operating in compatibility mode by default.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is relevant to this incident as it could likely reduce the attacker's ability to move laterally within the network and exfiltrate sensitive data, thereby limiting the overall impact of the breach.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: While Aviatrix Zero Trust CNSF primarily focuses on network security, it could likely limit the attacker's ability to exploit network vulnerabilities following physical access.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: Aviatrix Zero Trust Segmentation could likely limit the attacker's ability to access sensitive systems without additional credentials.

Lateral Movement

Control: East-West Traffic Security

Mitigation: Aviatrix East-West Traffic Security could likely limit the attacker's ability to move laterally within the network.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: Aviatrix Multicloud Visibility & Control could likely limit the attacker's ability to establish and maintain command and control channels.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: Aviatrix Egress Security & Policy Enforcement could likely limit the attacker's ability to exfiltrate sensitive data.

Impact (Mitigations)

Aviatrix Zero Trust CNSF could likely limit the overall impact of the attack by reducing the attacker's ability to access and exfiltrate sensitive data.

Impact at a Glance

Affected Business Functions

Physical Security Systems

Operational Disruption

Estimated downtime: N/A

Financial Impact

Estimated loss: N/A

Data Exposure

n/a

Recommended Actions

• Implement Zero Trust Segmentation to restrict device communication and limit lateral movement.
• Deploy East-West Traffic Security to monitor and control internal network traffic.
• Utilize Threat Detection & Anomaly Response systems to identify and respond to suspicious activities.
• Apply Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
• Ensure all IoT devices are configured securely and regularly updated to mitigate vulnerabilities.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Critical Vulnerability in ABB's Busch-Welcome 2 Wire Door Opener Actuator (CVE-2025-7705)

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

Related CVEs

CVE-2025-7705

Affected Products:

Exploit Status:

References:

MITRE ATT&CK® Techniques

Modify Authentication Process

Valid Accounts

Abuse Elevation Control Mechanism

Unsecured Credentials

Impair Defenses

Potential Compliance Exposure

NIST SP 800-53 – Access Enforcement

PCI DSS 4.0 – Limit Access to System Components and Cardholder Data

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

NIS2 Directive – Cybersecurity Risk Management Measures

CISA ZTMM 2.0 – Identity

Sector Implications

Commercial Real Estate

Government Administration

Health Care / Life Sciences

Higher Education/Acadamia

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads