Industrial automation giant ABB has released a critical security advisory warning of a severe vulnerability in its Ability™ OPTIMAX® energy management system. The flaw, which affects specific versions integrating with Microsoft’s Azure Active Directory (Azure AD), could allow attackers to bypass authentication entirely and seize control of critical industrial operations.
The vulnerability, tracked as CVE-2025-14510, carries a “Critical” severity rating with a CVSS v4.0 score of 9.2, reflecting its potential to grant unauthorized users full administrative access.
According to the advisory, the vulnerability lies within the Single Sign-On (SSO) integration mechanism. A successful exploit does not require valid credentials; instead, an attacker can manipulate the authentication process to impersonate a legitimate user.
“The vulnerability allows an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration.”
This bypass is particularly dangerous because it grants the attacker the same privileges as the user they are impersonating. In an industrial context, this access could be catastrophic.
“An attacker who successfully exploits this vulnerability could bypass user authentication and potentially cause the product to: Shutdown the system, Modify the configuration of the system, Install and run arbitrary code.”
The flaw impacts ABB Ability OPTIMAX versions 6.1, 6.2, 6.3, and 6.4 released prior to November 20, 2025. ABB has released patches to address the issue and is urging customers to update immediately.
The problem is corrected in the following product versions:
- ABB Ability OPTIMAX v6.4.1-251120 (see References 9AKK108472A0435) or later
- ABB Ability OPTIMAX v6.3.1-251120 (see References 9AKK108472A0437) or later
For organizations unable to patch immediately, the advisory suggests a drastic but effective workaround: “A workaround is to deactivate the Azure Active Directory integration and fall back to OPTIMAX’s standard user authentication mechanism.”