SB2025052326 - Multiple vulnerabilities in ABB Automation Builder

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2025-3394)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to incorrect permission assignment for critical resource. A local user can modify parts of the Automation Builder project file by specially crafting contents so the user management will be overruled.

2) Incorrect permission assignment for critical resource (CVE-ID: CVE-2025-3395)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to incorrect permission assignment for critical resource. A local user can modify parts of the files to change the project by overruling the Automation Builder user management.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://search.abb.com/library/Download.aspx?DocumentID=3ADR011407&LanguageCode=en&DocumentPartId=&Action=Launch
• https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-04