Bg ShapeBg Shape
THREAT INTELLIGENCE

Multiple Vulnerabilities in Industrial Control Systems - 15th July 2026

Multiple vulnerabilities have been identified in the following ICS-connected products: ABB Advant Master Online Builder, ABB Ability Edgenius, ABB T-MAC Plus, and Rockwell Automation 1715-AENTR EtherNet/IP Adapter. Successful exploitation could lead to unauthorized code execution, privilege escalation, sensitive information disclosure, unauthorized administrative access, cross-site scripting, denial-of-service conditions, and compromise of affected devices.

Risk

Large and medium government/business entities: High

Rockwell Automation 1715-AENTR EtherNet/IP Adapter

CVE-2026-10577 (CVSS 10.0) - Missing authentication for critical function; unauthenticated remote attacker can access an exposed debug port to read/delete files, stop tasks, modify memory, and change I/O states. Affects versions up to 3.003. Fix: upgrade to version 3.011.

ABB T-MAC Plus

CVE-2025-14771 (CVSS Critical) - File disclosure allowing authenticated users to exfiltrate sensitive files via crafted HTTP GET request.

CVE-2025-14772 (CVSS High) - Broken access controls allowing unprivileged users to perform administrative operations.

CVE-2025-14773 (CVSS High) - Stored XSS allowing authenticated users to execute arbitrary HTML or JavaScript on victims' browsers.

CVE-2025-14774 (CVSS High) - Insecure network protocol enabling unauthenticated DoS of the Card Reader service. Affects T-MAC Plus 4.0-24. Fix: upgrade to version 4.0-25.

ABB Ability Edgenius

CVE-2026-31431 (CVSS 7.8) - Linux kernel privilege escalation (Copy Fail); locally authenticated user or compromised container can gain root privileges. Affects Edgenius 3.2.0.0 through 3.2.4.0. Fix: upgrade to Edgenius 3.2.4.1.

ABB Advant Master Online Builder

CVE-2025-13162 (CVSS 4.4) - Uncontrolled search path element; improper DLL loading from untrusted directories can lead to unauthorized code execution. Affects Control Builder A up to 1.4/4 and 800xA for Advant Master multiple versions. Fix: Control Builder A 1.4/5; 800xA versions 6.1.1-5 and 6.2.0-3 or later.

Recommendations

Apply vendor-provided updates for all affected ICS products immediately. Restrict physical and network access to ICS environments. Enforce strong passwords and change them regularly. Disable removable media ports where not required. Limit SSH and management interface access. Follow ABB and Rockwell Automation security best practices.

Download the Full Report

Explore More of the Latest Threat Intelligence

Trusted by clients worldwide

Logo
Logo
Logo
Logo
Logo
Logo

Your 24/7 Security Partner

Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.

Awards Image
Awards Image
Awards Image
Awards Image
Awards Image
Awards Image