Executive Summary
In June 2026, a vulnerability identified as CVE-2025-7064 was disclosed in ABB's Freelance Security Lock software. This authentication bypass flaw allows attackers to access underlying Windows OS functions even when Freelance Operations is active, depending on system configuration and user permissions. Affected versions include Freelance through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. (nvd.nist.gov)
The vulnerability has a CVSS score of 6.6, indicating a medium severity level. While no active exploitation has been reported, organizations using the affected versions should assess their exposure and apply patches as recommended by ABB. (nvd.nist.gov)
Why This Matters Now
This vulnerability underscores the importance of securing industrial control systems against authentication bypass flaws, which can lead to unauthorized access and potential disruption of critical manufacturing processes.
Attack Path Analysis
An attacker exploited undocumented key combinations to bypass the Freelance Operations interface, gaining unauthorized access to the underlying Windows OS. This allowed the attacker to escalate privileges by manipulating user management settings within the Freelance system. Subsequently, the attacker moved laterally across the network by accessing other systems connected to the compromised machine. The attacker established command and control by deploying remote access tools to maintain persistent access. Sensitive data was exfiltrated by transferring files to external servers. Finally, the attacker executed actions causing operational disruption, such as modifying or deleting critical system files.
Kill Chain Progression
Initial Compromise
Description
Exploited undocumented key combinations to bypass Freelance Operations interface and access underlying Windows OS.
Related CVEs
CVE-2025-7064
CVSS 6.6An authentication bypass vulnerability in ABB Freelance Security Lock allows attackers to access underlying OS functions, potentially leading to system manipulation or disruption.
Affected Products:
ABB Freelance Security Lock – ≤ 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Modify Authentication Process
Network Device Authentication
Multi-Factor Authentication
Use Alternate Authentication Material
Web Session Cookie
Multi-Factor Authentication Interception
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
NIST SP 800-53 – Account Management
Control ID: AC-2
PCI DSS 4.0 – Strong Authentication for Users
Control ID: 8.2.2
NYDFS 23 NYCRR 500 – Multi-Factor Authentication
Control ID: 500.12
DORA – ICT Risk Management Framework
Control ID: Article 6
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
CISA ZTMM 2.0 – Identity and Access Management
Control ID: Identity Pillar
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Industrial Automation
ABB Freelance Security Lock authentication bypass vulnerability directly exposes industrial control systems to unauthorized OS access, compromising operational technology security and manufacturing processes.
Oil/Energy/Solar/Greentech
Critical infrastructure vulnerability in ABB systems threatens energy sector operations through potential unauthorized control system access, requiring immediate segmentation and egress security controls.
Utilities
Authentication bypass in widely-deployed ABB Freelance systems creates significant risk for utility infrastructure, necessitating enhanced zero trust segmentation and threat detection capabilities.
Chemicals
Manufacturing process control systems using ABB Freelance face elevated security risks from keyboard-based authentication bypass, demanding strengthened industrial network security and monitoring.
Sources
- ABB Freelance Security Lockhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-174-05Verified
- ABB Freelance Security Lock Vulnerability Advisoryhttps://search.abb.com/library/Download.aspx?DocumentID=7PAA020361&LanguageCode=en&DocumentPartId=&Action=LaunchVerified
- NVD Entry for CVE-2025-7064https://nvd.nist.gov/vuln/detail/CVE-2025-7064Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it would likely limit the attacker's ability to escalate privileges, move laterally, and exfiltrate data by enforcing strict segmentation and identity-based access controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit undocumented key combinations to bypass the Freelance Operations interface and access the underlying Windows OS would likely be constrained.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges by manipulating user management settings within the Freelance system would likely be constrained.
Control: East-West Traffic Security
Mitigation: The attacker's ability to move laterally across the network by accessing other systems connected to the compromised machine would likely be constrained.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish persistent command and control by deploying remote access tools would likely be constrained.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to transfer sensitive data to external servers would likely be constrained.
The attacker's ability to modify or delete critical system files, causing operational disruption, would likely be constrained.
Impact at a Glance
Affected Business Functions
- Process Control
- System Monitoring
- Operational Safety
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of system configuration data and operational parameters.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict access between systems and limit lateral movement.
- • Deploy East-West Traffic Security to monitor and control internal network communications.
- • Utilize Threat Detection & Anomaly Response to identify and respond to unauthorized access attempts.
- • Enforce Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
- • Apply Inline IPS (Suricata) to detect and block known exploit patterns and malicious payloads.
