ABB Ability OPTIMAX
Summary
ABB Ability OPTIMAX versions 6.1, 6.2, 6.3 (prior to 6.3.1-251120), and 6.4 (prior to 6.4.1-251120) are affected by CVE-2025-14510. This vulnerability allows an attacker to bypass user authentication by exploiting the Azure Active Directory Single-Sign On integration.
IFF Assessment
This vulnerability allows for unauthorized access, which is detrimental to defenders.
Severity
The CVSS score of 8.1 reflects a high severity due to the authentication bypass vulnerability. The attack vector is likely network-based, and the impact includes a significant compromise of confidentiality and integrity by allowing unauthorized access.
Defender Context
This alert highlights a critical authentication bypass vulnerability in ABB's OPTIMAX software, which is deployed in energy and water critical infrastructure. Defenders must prioritize patching or implementing mitigations for affected versions to prevent unauthorized access and potential operational disruptions. The reliance on Azure AD SSO for authentication means that any compromise could have wide-reaching implications if not addressed promptly.