Select region & language

Austria

German

Belgium

Dutch

French

Bulgaria

Bulgarian

Croatia

Croatian

Czech Republic

Czech

Denmark

Danish

Estonia

Estonian

Finland

Finnish

France

French

Germany

German

Greece

Greek

Hungary

Hungarian

Ireland

English

Italy

Italian

Latvia

Latvian

Lithuania

Lithuanian

Luxembourg

French

Netherlands

Dutch

Norway

Norwegian

Poland

Polish

Portugal

Portuguese

Romania

Romanian

Russia

Russian

Serbia

Serbian

Slovakia

Slovakian

Slovenia

Slovenian

Spain

Spanish

Sweden

Swedish

Turkiye

Turkish

United Kingdom

English

Argentina

Spanish

Aruba

Spanish

Bolivia

Spanish

Brazil

Portuguese

Chile

Spanish

Colombia

Spanish

Costa Rica

Spanish

Dominican Republic

Spanish

Ecuador

Spanish

El Salvador

Spanish

Guatemala

Spanish

Honduras

Spanish

Mexico

Spanish

Panama

Spanish

Peru

Spanish

Puerto Rico

Spanish

United States of America

English

Uruguay

Spanish

Bahrain

English

Botswana

English

French

Cameroon

English

French

Côte d'Ivoire

English

French

Israel

Hebrew

Jordan

English

Kuwait

English

Lebanon

English

Madagascar

English

French

Mauritius

English

French

Oman

English

Pakistan

English

Palestine

English

Qatar

English

Saudi Arabia

English

South Africa

English

Tanzania

English

French

United Arab Emirates

English

Zimbabwe

English

French

Australia

English

Bangladesh

English

India

English

Indonesia

English

Japan

Japanese

Kazakhstan

Russian

Malaysia

English

New Zealand

English

Philippines

English

Singapore

English

South Korea

Korean

Sri Lanka

English

Taiwan (Chinese Taipei)

Chinese - Traditional

Thailand

English

Vietnam

English

Cyber security alerts and notifications

We are committed to providing our customers with products, systems and services that clearly address cyber security. Proper and timely handling of cyber security incidents and software vulnerabilities is one important factor in helping our customers minimize risks associated with cyber security.

2023

2023-12-14: Cyber Security Advisory - ActiveMQ vulnerability: impact on ABB Ability™ Genix

2023-10-30: Cyber Security Advisory - ABB COM600 CODESYS Vulnerabilities

2023-09-05 (**Updated 2024-01-10**) - Cyber Security Advisory - AC500 V3 Multiple RCE and DoS vulnerabilities in the CODESYS protocol

2023-08-04: Cyber Security Advisory - Freelance AC 900F and AC 700F, multiple vulnerabilities

2023-07-28: Cyber Security Advisory - AO-OPC Unquoted Service Path

2023-07-26: Cyber Security Advisory - B&R Automation Runtime SYN Flooding Vulnerability in Portmapper

2023-07-24: Cyber Security Advisory - ABB Ability Zenon directory permission and internal issues

2023-06-12: Cyber Security Advisory - ABB Relion REX640 Cyber Security Improvements

2023-06-01: Cyber Security Advisory - ASPECT® Control Engines (ACE) Multiple vulnerabilities

2023-05-31: Cyber Security Advisory - B&R APROL - Abuse SLP based traffic for amplification attack

2023-05-18: Cyber Security Advisory - QCS 800xA Vulnerability identified in system log files

2023-05-17: Cyber Security Advisory - Terra AC wallbox Authentication and Communication Vulnerabilities

2023-04-14: Cyber Security Advisory - Several Issues in B&R VC4 Visualization

2023-04-06: Cyber Security Advisory - My Control System (on-premise)Information Disclosure vulnerability

2023-03-31: Cyber Security Advisory - AC500 V2 Multiple vulnerabilities

2023-03-31: Cyber Security Advisory - Flow-X disclosure of sensitive information to unauthenticated users

2023-03-27: Cyber Security Advisory -  ABB RCCMD – Use of default password

2023-03-07: Cyber Security Advisory - ABB Substation management unit COM600 IEC-104 protocol stack vulnerability

2023-03-01: Cyber Security Advisory - Improper authentication vulnerability in S+ Operations

2023-02-27: Cyber Security Advisory - IEC 61850 Communication Stack vulnerability, impact on ABB AC 800PEC and AC 800PEC-based products

2023-02-27: Cyber Security Advisory - Vulnerable TigerVNC Version used in B&R Products

2023-02-15 (**Updated 2023-04-17**) - Cyber Security Advisory - Impact of Insyde UEFI Boot Issues on B&R Products

2023-02-14: Cyber Security Advisory - Automation Runtime Reflected Cross-Site Scripting Vulnerabilities in SDM

2023-02-10 (**Updated 2023-07-10**) - Cyber Security Advisory - Drive Composer multiple vulnerabilities

2023-01-30: Cyber Security Advisory - B&R APROL Several Issues in APROL database

2023-01-03: Cyber Security Advisory - Vulnerabilities in PTC KEPServerEX: Impact on Marine ITMonitoring

2022

2022-12-27 (**Updated 2023-03-16**) - Cyber Security Advisory - NE843 Pulsar Plus Controller Cyber Security Advisory

2022-11-21: Cyber Security Advisory - B&R Technology Guarding Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products 

2022-11-21 (**Updated 2023-03-07**): - Cyber Security Advisory - ARM600 M2M Gateway Aide, Apache, ClamAV, and OpenSSL vulnerabilities

2022-11-15: Cyber Security Advisory - ABB PCM600 Cleartext Credentials Vulnerability

2022-09-19: Cyber Security Advisory - ABB Central Licensing System Vulnerabilities, impact on ABB Ability SCADAvantage

2022-08-25: Cyber Security Advisory - UEFI vulnerability

2022-07-26(**Updated 2022-11-29**) - Cyber Security Advisory –  ABB Ability Zenon ZEE600, ZEE600C Log Server file access control

2022-07-14: Cyber Security Advisory -  ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access

2022-06-21(**Updated 2023-05-02**): Cyber Security Advisory -  ABB Relion REX640 Insufficient file access control

2022-06-14(**Updated 2022-08-23**): Cyber Security Advisory - Link Following Local Privilege Escalation Vulnerabilities in ABB Automation Builder, Drive Composer and Mint WorkBench 

2022-05-26: Cyber Security Advisory –  e-Design - Multiple vulnerabilities

2022-04-28(**Updated 2023-03-31**): Cyber Security Advisory – AC500 V3 CODESYS vulnerabilities

2022-04-26(**Updated 2022-07-26**): Cyber Security Notification – Industroyer2

2022-04-14: Cyber Security Notification - INCONTROLLER

2022-04-11: Cyber Security Advisory - Arctic Wireless Gateway Firewall vulnerability

2022-04-11: Cyber Security Advisory - ARM600 M2M Gateway NSS library and polkit vulnerabilities

2022-03-03: Cyber Security Advisory - B&R APROL A flaw in Chainsaw component of Log4j can lead to code execution

2022-02-25: Cyber Security Advisory - SECURITY - AC 800M MMS - Denial of Service vulnerability in MMS communication

2022-02-02: Cyber Security Advisory - SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module

2022-01-25: Cyber Security Advisory - SECURITY - Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 communication stack

2022-01-24: Cyber Security Advisory - SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability

2022-01-20(**Updated 2022-08-16**): Cyber Security Advisory - RCE through Project Upload from Target (“Evil PLC Attack”)

2022-01-17: Cyber Security Advisory - SECURITY - Wind River VxWorks Multiple Vulnerabilities - Impact on Melody controller PM877

2021

2021-12-16(**Updated 2022-12-19**): Cyber Security Advisory - MMS File Transfer Vulnerability impact on Distribution Automation products

2021-12-15 (**Updated 2022-01-13**): Cyber Security Notification - Apache log4j vulnerabilities (Log4Shell) - impact on ABB products

2021-12-01: Cyber Security Advisory - OmniCore RobotWare Missing Authentication Vulnerability

2021-11-30: Cyber Security Advisory - Number:Jack Vulnerability in B&R Products

2021-11-30: Cyber Security Advisory - Vulnerabilities in B&R Automation Studio and PVI Windows Services

2021-10-29: Cyber Security Advisory - RCE Vulnerability in B&R Automation Studio 

2021-10-29: Cyber Security Advisory - Zip Slip Vulnerability in B&R Automation Studio Project Import 

2021-10-19: Cyber Security Advisory - Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool

2021-09-22: Cyber Security Advisory - free@home System Access Point FW integrity check can be bypassed

2021-09-07: Cybersecurity Advisory - EIBPORT vulnerabilities 

2021-09-03 (**Updated 2021-09-09**): Cybersecurity Advisory - ABB Base Software for SoftControl Remote Code Execution vulnerability

2021-07-09: Cybersecurity Advisory - Denial of service vulnerability on B&R Automation Runtime webserver

2021-07-05: Cybersecurity Advisory - Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device

2021-07-05: Cybersecurity Advisory - Stack crash in B&R Industrial Automation X20 EthernetIP Adpater

2021-07-05: Cybersecurity Advisory - ControlTouch Cloud Service vulnerability

2021-06-21: Cybersecurity Advisory - CodeMeter vulnerabilities, impact on Automation Builder, Drive Application Builder and Virtual Drive

2021-06-03: Cybersecurity Advisory - Multiple Vulnerabilities in Automation Runtime NTP Service

2021-06-03: Cybersecurity Advisory - Amnesia:33 impact on B&R products

2021-05-10 (**Updated 2021-06-30**): Cybersecurity Advisory - NAME:WRECK Impact on B&R Automation Runtime and ARwin

2021-05-06: Cybersecurity Advisory - AC 800PEC platform NAME:WRECK vulnerability

2021-05-06: Cybersecurity Advisory - Cassia Access Controller for ABB

2021-04-30: Cybersecurity Advisory - Denial-of-service vulnerability affecting multiple B&R products

2021-03-12: Cybersecurity Advisory - Denial of Service Vulnerability in ABB Relion 630 Series 61850 communication 

2021-02-12: Cybersecurity Advisory - CodeMeter vulnerabilities, impact on B&R products

2021-02-02: Cybersecurity Advisory - AC500 V2 Webserver vulnerability

2021-01-20: (**Updated 2021-01-21**) Cybersecurity Advisory - AC500 V2 vulnerability

2020

2020-12-15 (**Updated 2022-03-15**): Cybersecurity Advisory - ABB Central Licensing System Vulnerabilities, impact on Symphony® Plus, Composer Harmony, Composer Melody, Harmony OPC Server

2020-12-15: Cybersecurity Advisory - Multiple vulnerabilities in S+ Historian

2020-12-15: Cybersecurity Advisory - Multiple vulnerabilities in S+ Operations

2020-12-08: Cybersecurity Advisory - Arctic wireless gateway Firewall Configuration

2020-09-30: Cybersecurity Advisory - Multiple Vulnerabilities, impact on GateManager

2020-09-30: Cybersecurity Advisory - Multiple Vulnerabilities, impact on SiteManager and GateManager

2020-09-17: (**Updated 2020-10-15**) Cybersecurity Advisory - CodeMeter Vulnerabilities, impact on ABB Automation Builder 

2020-09-10: (**Updated 2022-05-23**) Cybersecurity Notification - CodeMeter Vulnerabilities, impact on ABB products

2020-09-10: Cybersecurity Advisory - CodeMeter Vulnerabilities, impact on ABB AC 800PEC platform

2020-09-10: (**Updated 2021-09-24**) Cybersecurity Advisory - CodeMeter Vulnerabilities, impact on ABB Ability(TM) Operations Data Management zenon

2020-09-10: (**Updated 2020-12-23**) Cybersecurity Advisory - CodeMeter Vulnerabilities, impact on ABB Drives applications

2020-08-12: Cybersecurity Advisory - B&R Automation Runtime TFTP Service DoS Vulnerability

2020-07-31: (**Updated 2023-03-27**) Cybersecurity Advisory - Ripple20 impact on Distribution Automation products

2020-07-15: (**Updated 2020-08-14**) Cybersecurity Notification - Ripple20 Vulnerabilities, impact on ABB products

2020-05-29: SECURITY WindRiver VxWorks IPNet Vulnerabilities impact on CI845

2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on FOX615 Multiservice-Multiplexer

2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on Relion 670, Relion 650, SAM600-IO Series

2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AFS66x

2020-05-25: (**Updated 2020-05-26**) Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on NSD570 Teleprotection Equipment

2020-05-25: (**Updated 2020-05-26**) Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on ETL600 Power Line Carrier System

2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on REB500

2020-05-25: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on RTU500 series

2020-05-21: SECURITY ABB Device Library Wizard Information Disclosure Vulnerability (2PAA121681)

2020-04-22: UPS Adapter CS141 – Path traversal vulnerability

2020-04-21: Multiple vulnerabilities in B&R Automation Studio

2020-04-21: TPM-Fail vulnerability in several B&R products

2020-04-21 (**Updated 2022-08-16**): SECURITY ABB Central Licensing System Vulnerabilities, impact on System 800xA, Compact HMI and Control Builder Safe

2020-04-21 (**Updated 2021-07-01**): SECURITY Multiple Vulnerabilities in ABB Central Licensing System

2020-04-21 (**Updated 2021-10-19**): SECURITY Inter process communication vulnerability in System 800xA

2020-04-02 (**Updated 2021-07-01**): SECURITY System 800xA Weak File Permissions

2020-04-02: Vulnerabilities in Telephone Gateway TG/S 3.2

2020-04-02 (**Updated 2020-06-09**): SECURITY System 800xA Information Manager - Remote Code Execution

2020-04-02 (**Updated 2020-04-21**): SECURITY System 800xA Weak Registry Permissions

2020-02-20: Vulnerability in B&R Industrial Automation Automation Studio and Automation Runtime 

2020-02-12: Vulnerability in ABB Asset Suite - Direct Object Reference

2020-02-12: Vulnerabilities in ABB eSOMS

2019

2019-12-16: Cybersecurity Advisory - Multiple Vulnerabilities in ABB PB610 Panel Builder 600

2019-11-12: (**updated 2020-10-15**) Cybersecurity Advisory - Automation Builder 2.2 (and earlier), Drive Application Builder 1.0

2019-11-01: Cybersecurity Advisory - Power Generation Information Manager PGIM

2019-10-22: Vulnerabilities in Relion® 670 series and Relion® 650 series - OpenSSL

2019-10-22: Vulnerability in Relion® 650 series and Relion® 670 series - Terminal Reboot

2019-10-22: Vulnerability in Relion® 670 series - MMS Path Traversal

2019-10-22: Vulnerabilities in Relion® 650 series version 2.1 and Relion® 670 series version 2.1 - OpenSSL

2019-10-15: Vulnerability in UNO-DM - Improper Authentication

2019-10-11: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800PEC

2019-09-27: Vulnerability in Data Logger Web Server - Weak Session Management

2019-09-24: Cybersecurity Advisory - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800M

2019-09-18: Cybersecurity Advisory - VxWorks RPC Buffer Overflow Vulnerability

2019-08-07: (**Updated 2021-02-22**) Cybersecurity Advisory - B&R Products affected by VxWorks IPnet Vulnerabilities

2019-07-30: Cybersecurity Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Industrial Automation products

2019-07-30: Cybersecurity Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800PEC

2019-07-30: Cybersecurity Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on High Voltage Products

2019-07-30: Cybersecurity Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Power Grids - Grid Automation products

2019-07-30: Cybersecurity Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Robot Controller Software

2019-06-05: Vulnerabilities in ABB CP635 HMI

2019-06-05: Vulnerabilities in ABB PB610

2019-06-05: Vulnerabilities in ABB CP651 HMI