Buffer Over‑read in ABB AC500 V2 PLC (CVE‑2025‑7745) Risks Modbus Data Leakage
What It Is – A medium‑severity (CVSS 5.8) buffer‑over‑read vulnerability in the Modbus server of ABB AC500 V2 programmable logic controllers. Sending unsupported Modbus function codes can cause the PLC to append fragments of previous responses to the current reply, exposing historic control‑system telemetry.
Exploitability – No public exploit code has been released, but the vulnerability is trivially exploitable over the network (AV:N, AC:L). An attacker with access to the PLC’s Modbus interface can harvest partial telegram data without authentication.
Affected Products – ABB AC500 V2 firmware ≤ 2.5.2 (all hardware revisions). The issue is patched in firmware 2.5.3 (released 2016) and later.
TPRM Impact –
- Suppliers that embed ABB AC500 V2 PLCs in manufacturing, energy, or water‑treatment equipment may inadvertently expose operational data to adversaries.
- Data leakage can aid reconnaissance for downstream attacks on critical infrastructure, increasing supply‑chain risk for downstream customers.
Recommended Actions –
- Verify firmware version on all ABB AC500 V2 devices; upgrade to 2.5.3 or newer immediately.
- Segregate PLC networks from corporate IT and enforce strict firewall rules limiting Modbus traffic to authorized sources.
- Deploy intrusion‑detection signatures that flag unsupported Modbus function codes and anomalous response sizes.
- Review vendor advisories and maintain an inventory of legacy PLCs for accelerated patching.
Source: CISA Advisory – ICSA‑26‑146‑02