CISA 2026-05-28

ABB Busch-Welcome 2 Wire Door Opener Actuator

CVE-2025-7705

Machine-generated analysis · WAYSCloud LLM

The advisory states that toggling the mode switch and restarting power can recalibrate the system to correct the misconfiguration.

Context

The affected product is the ABB Busch-Welcome 2 Wire Door Opener Actuator, used in commercial facilities. The advisory describes an authentication bypass due to compatibility mode being enabled by default, which could allow unauthorized physical access to a building. The mitigation does not involve a firmware update but instead a specific manual sequence to trigger recalibration. Worth noting is that the vulnerability stems from active debug code, which the advisory explicitly attributes to CWE-489.

Operator considerations

- Check: Verify if ABB Busch-Welcome 2 Wire Door Opener Actuators are present in the environment
- Isolate: Ensure affected actuators are not accessible to unauthorized personnel
- Patch: Perform the mode switch toggle and power reset procedure as specified by ABB
- Log: Monitor physical access logs for any unauthorized entry attempts

From Cybersecurity and Infrastructure Security Agency ↗

ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could gain physical, unauthorized access to a Building where the product is installed

The following versions of ABB Busch-Welcome 2 Wire Door Opener Actuator are affected:

Switch Actuator 4 DU vers:all/*

Switch actuator, door/light 4 DU vers:all/*

Vendor

Equipment

ABB

ABB Busch-Welcome 2 Wire Door Opener Actuator

Active Debug Code

Critical Infrastructure Sectors: Commercial Facilities

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Switzerland

Authentication bypass due to compatibility mode enabled by default

ABB Busch-Welcome 2 Wire Door Opener Actuator

MitigationThe following actions need to be executed on premise where the respective Busch-Welcome® System is installed: • While the Busch-Welcome® Syst...

Read the full advisory on CISA →