Authentication Bypass (CVE‑2025‑7705) in ABB Busch‑Welcome 2‑Wire Door Opener Actuator Enables Unauthorized Physical Access
What It Is — ABB’s Busch‑Welcome 2‑Wire Door Opener Actuator contains an authentication bypass flaw triggered by a default‑enabled compatibility mode. An attacker who exploits this weakness can open doors or lights without legitimate credentials, granting physical entry to secured premises.
Exploitability — The vulnerability is publicly disclosed (CVE‑2025‑7705) and assigned a CVSS v3 score of 6.8 (Medium). No public exploit code has been released, but the attack requires only local network access to the actuator, making exploitation feasible for adversaries with limited proximity.
Affected Products — ABB Busch‑Welcome 2‑Wire Door Opener Actuator, specifically:
- Switch Actuator 4 DU ‑ 83330 (all versions)
- Switch Actuator 4 DU ‑ 83330‑500 (all versions)
TPRM Impact — The flaw creates a tangible supply‑chain risk for organizations that rely on ABB’s physical‑access hardware in commercial facilities, data‑centers, and critical‑infrastructure sites. A compromised actuator can be leveraged to gain unauthorized entry, potentially facilitating theft, sabotage, or further network intrusion.
Recommended Actions —
- Immediately apply the on‑site mitigation: toggle the mode switch from “Door‑Open” to “Light” for one second, then return to “Door‑Open”, and restart the device.
- Verify that the compatibility mode is disabled permanently via the device configuration interface.
- Conduct a physical audit of all installed Busch‑Welcome actuators to confirm remediation.
- Update asset inventories and risk registers to reflect the new vulnerability status.
- Engage ABB support for firmware updates or additional hardening guidance.
Source: CISA Advisory – ICSA‑26‑148‑04