{
"title": "ABB Patches Critical Authentication Bypass in ASPECT, NEXUS, and MATRIX BMS",
"content": "ABB has rushed out firmware updates for its ASPECT, NEXUS, and MATRIX building management systems (BMS) after researchers discovered that debug code inadvertently left in production firmware created a critical backdoor allowing unauthenticated attackers to hijack devices remotely. The most severe flaw, tracked as CVE-2025-53187 with a CVSS v4 score of 9.3, lets attackers bypass authentication entirely, change system clocks, access sensitive files, and execute privileged functions without credentials. Accompanied by a denial-of-service buffer overflow (CVE-2025-7677) and a missing authentication issue for critical functions (CVE-2025-7679), the trio of vulnerabilities threatens to upend building automation and industrial control environments across the globe.
A Debug Code Blunder Opens the Door
The root cause of CVE-2025-53187 is a stunning oversight: ABB shipped production firmware with debugging functionality enabled, creating an alternate authentication channel that completely sidesteps normal login controls. Gjoko Krstikj of Zero Science Lab reported the issue to CISA, which published advisory ICSA-25-252-02 on February 20, 2025. According to the advisory, \"code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication.\" An unauthenticated attacker can exploit this vulnerability over the network to change system time, access files, and invoke function calls — effectively assuming control of the target device.
The debug code flaw earned a maximum CVSS v3.1 base score of 9.8 and a CVSS v4 score of 9.3, reflecting its low attack complexity, network-based attack vector, and critical impact on confidentiality, integrity, and availability. ABB has now released patched firmware version 3.08.04-s01 for all affected product lines, explicitly resolving this vulnerability.
Two More High-Impact Flaws
Researchers uncovered two additional vulnerabilities alongside the authentication bypass:
CVE-2025-7677: Buffer Overflow Leading to Denial of Service
This classic buffer copy flaw (CWE-120) occurs when the device fails to check the size of input, allowing a crafted payload to overflow a buffer and crash the software. CISA warns that an attacker with local network access can trigger a denial-of-service condition. The CVSS v4 score for this vulnerability is 8.2, indicating a high availability impact. While the advisory stops short of confirming code execution, memory corruption bugs often raise the specter of remote code execution, making this a priority for defense-in-depth.
CVE-2025-7679: Missing Authentication for Critical Functions
Certain API endpoints or management functions in the ASPECT system fail to enforce any authentication. An attacker on a reachable network segment can invoke privileged operations, modify settings, or read sensitive data without ever providing credentials. With a CVSS v4 score of 9.2, this vulnerability directly undermines system integrity and confidentiality.
Affected Products and the Global Footprint
The flaws reside in firmware versions prior to 3.08.04-s01 across three AB