

Multiple vulnerabilities have been identified in the following ICS-connected products: ABB Advant Master Online Builder, ABB Ability Edgenius, ABB T-MAC Plus, and Rockwell Automation 1715-AENTR EtherNet/IP Adapter. Successful exploitation could lead to unauthorized code execution, privilege escalation, sensitive information disclosure, unauthorized administrative access, cross-site scripting, denial-of-service conditions, and compromise of affected devices.
Large and medium government/business entities: High
CVE-2026-10577 (CVSS 10.0) - Missing authentication for critical function; unauthenticated remote attacker can access an exposed debug port to read/delete files, stop tasks, modify memory, and change I/O states. Affects versions up to 3.003. Fix: upgrade to version 3.011.
CVE-2025-14771 (CVSS Critical) - File disclosure allowing authenticated users to exfiltrate sensitive files via crafted HTTP GET request.
CVE-2025-14772 (CVSS High) - Broken access controls allowing unprivileged users to perform administrative operations.
CVE-2025-14773 (CVSS High) - Stored XSS allowing authenticated users to execute arbitrary HTML or JavaScript on victims' browsers.
CVE-2025-14774 (CVSS High) - Insecure network protocol enabling unauthenticated DoS of the Card Reader service. Affects T-MAC Plus 4.0-24. Fix: upgrade to version 4.0-25.
CVE-2026-31431 (CVSS 7.8) - Linux kernel privilege escalation (Copy Fail); locally authenticated user or compromised container can gain root privileges. Affects Edgenius 3.2.0.0 through 3.2.4.0. Fix: upgrade to Edgenius 3.2.4.1.
CVE-2025-13162 (CVSS 4.4) - Uncontrolled search path element; improper DLL loading from untrusted directories can lead to unauthorized code execution. Affects Control Builder A up to 1.4/4 and 800xA for Advant Master multiple versions. Fix: Control Builder A 1.4/5; 800xA versions 6.1.1-5 and 6.2.0-3 or later.
Apply vendor-provided updates for all affected ICS products immediately. Restrict physical and network access to ICS environments. Enforce strong passwords and change them regularly. Disable removable media ports where not required. Limit SSH and management interface access. Follow ABB and Rockwell Automation security best practices.
Trusted by clients worldwide






Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.




