CISA 2026-05-26

ABB AbilityTM Zenon Remote Transport Vulnerability

CVE-2025-8754

Machine-generated analysis · WAYSCloud LLM

The vulnerability allows unauthorized reboot of the system via the Remote Transport Service due to missing authentication, but requires prior network access.

Context

ABB Ability™ Zenon is a software platform used in industrial automation. The advisory states that the zensyssrv.exe service, which manages the Remote Transport Service, lacks authentication for a critical function, allowing unauthenticated system reboots. Exploitation requires network access to the affected system, and there is no evidence of active exploitation. The vendor notes the product is deployed worldwide across multiple critical infrastructure sectors.

Operator considerations

Check: Inventory systems running ABB Ability™ Zenon versions 7.50 through 14.
Isolate: Restrict network access to systems with the ABB zenon Software Platform installed.
Patch: No patch is mentioned; the advisory only provides a network restriction workaround.
Log: Monitor network traffic for unauthorized access attempts to systems hosting the Remote Transport Service.

From Cybersecurity and Infrastructure Security Agency ↗

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. The vulnerability enables unauthorized access to the Reboot OS function within the Remote Transport Service, allowing an attacker to trigger a system reboot without the required authentication. This functionality initiates a system reboot on the target machine. However, remote exploitation of this vulnerability is not feasible unless the attacker has already gained access to the network where the affected ABB Ability™ zenon system is deployed. At the time of writing, there is no evidence that this vulnerability is being actively exploited in the wild.

The following versions of ABB AbilityTM Zenon Remote Transport Vulnerability are affected:

AbilityTM zenon >=7.50|=7.50|

Read the full advisory on CISA →