Machine-generated analysis · WAYSCloud LLM
An authentication bypass vulnerability affects ABB Ability OPTIMAX systems integrated with Azure AD SSO. All releases of versions 6.1 and 6.2 are affected, while specific versions of 6.3 and 6.4 require patching.
Context
ABB Ability OPTIMAX is an industrial software platform used primarily in the energy and water/wastewater sectors. The advisory states that exploitation allows bypassing user authentication when Azure Active Directory Single-Sign On integration is configured. The vulnerability has been assigned a CVSS v3 score of 8.1.
Operator considerations
Check: Verify whether your OPTIMAX installation uses Azure AD SSO integration
Patch: Upgrade to OPTIMAX 6.3.1-251120 or 6.4.1-251120 as specified in the ABB advisory
Successful exploitation of this vulnerability could allow an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration.
The following versions of ABB Ability OPTIMAX are affected:
ABB Ability OPTIMAX 6.1 vers:all/*
ABB Ability OPTIMAX 6.2 vers:all/*
ABB Ability OPTIMAX 6.3