ABB AC500 V2 Controller Vulnerability Allows Data Access

via RSS: CISA Alerts

ABB has disclosed a buffer over-read vulnerability (CVE-2025-7745) affecting its AC500 V2 industrial controller, which is used in the critical manufacturing, energy, and water sectors worldwide. Attackers exploiting this flaw could intercept fragments of previously sent Modbus telegrams from the programmable logic controller. The vulnerability affects versions 2.5.2 and earlier. The CVSS score of 5.8 indicates medium severity, with network-based access possible without authentication. ABB released firmware version 2.5.3 (2016) and later versions to address the issue. Industrial organizations operating AC500 V2 systems should prioritize updating to patched firmware versions immediately. Source: CISA.

Original reporting by RSS: CISA Alerts. We only summarise — never republish.
