Multiple Critical ABB AC500 V3 Vulnerabilities Expose Industrial Control Systems to Access Bypass, Certificate Manipulation, and Denial-of-Service Risks

Threat Summary

Category: ICS Advisory / Industrial Control System Vulnerabilities
Features: User Management Bypass, Certificate Access Exposure, Denial-of-Service Conditions
Delivery Method: Remote Network Exploitation
Threat Actor: Opportunistic Threat Actors / Industrial Reconnaissance and Intrusion Activity

---

The Cybersecurity and Infrastructure Security Agency has republished an industrial control systems advisory covering multiple vulnerabilities affecting ABB AC500 V3 programmable logic controllers used across critical infrastructure environments. The advisory is identified as ICSA-26-132-03 and addresses flaws that can enable user-management bypass, certificate and key access, and denial-of-service conditions inside operational technology networks.

According to the advisory, affected products include ABB AC500 V3 versions earlier than 3.9.0 and ABB AC500 V3 version 3.9.0. The vulnerabilities are tracked as CVE-2025-2595, CVE-2025-41659, and CVE-2025-41691. They do not share a single collective score. CVE-2025-2595 carries a CVSS v3 score of 5.3, CVE-2025-41659 carries a CVSS v3 score of 8.3, and CVE-2025-41691 carries a CVSS v3 score of 7.5.

Federal and vendor guidance indicate that successful exploitation could allow attackers to bypass user-management protections and read visualization files, read and write certificates and cryptographic keys, or trigger denial-of-service conditions affecting industrial operations. Exploitation is possible remotely if attackers gain network access to affected systems.

ABB AC500 V3 controllers are deployed across industrial environments that support energy infrastructure, water and wastewater operations, chemical processing, critical manufacturing, motion control, and safety-oriented automation. That deployment profile gives certificate exposure and access-control failures added weight because compromised trust material can weaken secure engineering workflows, device authentication, and communications integrity across industrial networks.

The advisory notes that the vulnerabilities have already been publicly disclosed, increasing the likelihood of scanning activity, proof-of-concept development, and broader exploitation research targeting exposed operational technology assets. ABB stated that it had not received reports of active exploitation at the time of publication.

Federal guidance continues to stress that operational technology systems should remain isolated from direct internet exposure and segmented from enterprise business networks wherever possible. Operators are encouraged to minimize exposed services, place control environments behind properly configured firewalls, and maintain hardened remote access pathways when connectivity is operationally necessary.

Industrial environments continue absorbing more cyber risk as engineering systems, remote maintenance pathways, cloud-connected management platforms, and operational analytics tools increase connectivity across infrastructure ecosystems that were originally designed for isolation. In that setting, even moderate access-control failures or certificate-handling weaknesses can become strategic exposure points inside systems that support essential public services.

---

Infrastructure at Risk

• Industrial programmable logic controllers.
• Energy production and distribution systems.
• Water and wastewater control environments.
• Chemical processing infrastructure.
• Manufacturing automation systems.
• Industrial certificate management environments.
• Engineering workstation ecosystems.
• Safety-critical operational technology systems.

Organizations operating ABB AC500 V3 systems may face elevated risk if industrial environments remain externally accessible or lack strong segmentation architecture.

---

Policy / Allied Pressure

Federal infrastructure security agencies continue pressing industrial operators to strengthen operational technology hardening as publicly disclosed ICS vulnerabilities affect widely deployed automation platforms. The republication of ABB’s PSIRT advisory through federal channels reflects continued concern surrounding vulnerabilities that can weaken authentication controls, expose cryptographic resources, and destabilize industrial operations tied to public infrastructure continuity.

---

Vendor Defense / Reliance

ABB has released mitigations intended to address the identified vulnerabilities and strengthen affected AC500 V3 deployments. Organizations using ABB industrial infrastructure should review exposure levels, validate certificate security practices, audit access controls, and apply vendor mitigations where operationally feasible.

---

Forecast — 30 Days

• Increased reconnaissance targeting ABB operational technology environments.
• Expanded proof-of-concept research surrounding the disclosed CVEs.
• Greater scrutiny toward industrial certificate management systems.
• Increased segmentation and access-control audits.
• Elevated concern surrounding exposed engineering infrastructure.
• Continued pressure toward operational technology modernization and hardening.
• Rising monitoring activity involving industrial authentication-bypass and certificate-access vulnerabilities.

---

TRJ Verdict

Industrial cybersecurity failures do not always begin with destructive sabotage. They often begin with permissions, trust relationships, and cryptographic controls degrading quietly inside operational systems. When attackers gain paths into visualization environments, certificate stores, or authentication workflows, the risk moves beyond isolated technical weakness and into broader infrastructure exposure capable of supporting follow-on intrusion activity.

The larger warning is structural. Industrial environments are becoming more interconnected while inheriting more identity systems, remote management pathways, and cryptographic dependencies than they were originally designed to carry. In that kind of architecture, even moderate control failures can evolve into serious operational risk across energy, water, manufacturing, and public utility environments.

ICS Advisory: ICSA-26-132-03
Release Date: May 12, 2026
CVEs: CVE-2025-2595, CVE-2025-41659, CVE-2025-41691
Affected Product: ABB AC500 V3
CVSS v3 Scores: 5.3, 8.3, 7.5
Vulnerability Types: Forced Browsing, Incorrect Permission Assignment for Critical Resource, NULL Pointer Dereference
Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
Vendor Headquarters: Switzerland
Reported By: ABB PSIRT

---

---

---

---

---

---

---

---

🔥 NOW AVAILABLE! 🔥

‎👉 Eclipsera – Apple Music

---

---

---

---

---