CISA 2026-05-12

ABB Automation Builder Gateway for Windows

CVE-2024-41975

Machine-generated analysis · WAYSCloud LLM

The Windows gateway listens remotely on port 1217 by default, which may expose PLC networks to scanning. Many users are unaware of this remote access feature as it is typically used locally.

Context

ABB Automation Builder Gateway for Windows is a communication channel for clients to access AC500 PLCs. The advisory states the gateway defaults to listening on all network adapters, allowing unauthenticated remote scanning for PLCs. The advisory notes that remote access is only required in certain network configurations and is often installed unknowingly as part of other setups.

Operator considerations

Check: Gateway configuration file [CmpGwCommDrvTcp] section for 'LocalAddress' setting
Isolate: Restrict network access to port 1217 if remote access is not required
Patch: Upgrade to Automation Builder version 2.9.0

From Cybersecurity and Infrastructure Security Agency ↗

ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents the actual access to the PLCs – unless it is disabled

The following versions of ABB Automation Builder Gateway for Windows are affected:

Automation Builder

Read the full advisory on CISA →