Critical Unauthorized Reboot Vulnerability in ABB Ability™ Zenon Remote Transport (CVE‑2025‑8754) Threatens Industrial Control Systems
What It Is – A missing‑authentication flaw in the Remote Transport Service of ABB Ability™ zenon (CVE‑2025‑8754) lets an attacker invoke the Reboot OS function without credentials. The bug exists in zenon versions 7.50 through 14.
Exploitability – Remote exploitation requires prior network foothold; no public exploits or wild activity have been observed. CVSS v3.1 base score 7.5 (High).
Affected Products – ABB Ability™ zenon (all releases ≥ 7.50 and ≤ 14) – specifically the zensyssrv.exe service that hosts Remote Transport.
TPRM Impact – Any third‑party that supplies or relies on ABB zenon for OT monitoring, SCADA, or HMI functions could experience unplanned system reboots, leading to production loss, safety incidents, and downstream supply‑chain disruption.
Recommended Actions –
- Verify deployment inventory; confirm version numbers against the affected range.
- Apply ABB‑provided patches or upgrade to a non‑vulnerable release (≥ 15).
- Restrict network access to the zenon host – segment OT networks and enforce firewall rules that block inbound traffic to the Remote Transport port.
- Disable the
zensyssrv.exeservice if Remote Transport is not required. - Conduct a focused penetration test to ensure no other unauthenticated control paths exist.
Source: CISA Advisory – ICSA‑26‑146‑03