HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Unauthorized Reboot Vulnerability in ABB Ability™ Zenon Remote Transport (CVE‑2025‑8754) Threatens Industrial Control Systems

ABB Ability™ zenon versions 7.50‑14 contain a missing‑authentication flaw that allows an attacker with network access to trigger an unauthenticated system reboot. The issue can cause service disruption across chemical, energy, manufacturing, and other critical‑infrastructure sectors, making it a high‑priority TPRM concern.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical Unauthorized Reboot Vulnerability in ABB Ability™ Zenon Remote Transport (CVE‑2025‑8754) Threatens Industrial Control Systems

What It Is – A missing‑authentication flaw in the Remote Transport Service of ABB Ability™ zenon (CVE‑2025‑8754) lets an attacker invoke the Reboot OS function without credentials. The bug exists in zenon versions 7.50 through 14.

Exploitability – Remote exploitation requires prior network foothold; no public exploits or wild activity have been observed. CVSS v3.1 base score 7.5 (High).

Affected Products – ABB Ability™ zenon (all releases ≥ 7.50 and ≤ 14) – specifically the zensyssrv.exe service that hosts Remote Transport.

TPRM Impact – Any third‑party that supplies or relies on ABB zenon for OT monitoring, SCADA, or HMI functions could experience unplanned system reboots, leading to production loss, safety incidents, and downstream supply‑chain disruption.

Recommended Actions

  • Verify deployment inventory; confirm version numbers against the affected range.
  • Apply ABB‑provided patches or upgrade to a non‑vulnerable release (≥ 15).
  • Restrict network access to the zenon host – segment OT networks and enforce firewall rules that block inbound traffic to the Remote Transport port.
  • Disable the zensyssrv.exe service if Remote Transport is not required.
  • Conduct a focused penetration test to ensure no other unauthenticated control paths exist.

Source: CISA Advisory – ICSA‑26‑146‑03

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-03

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →