Vulnerability-Lookup

WID-SEC-W-2026-1086

Vulnerability from csaf_certbund - Published: 2026-04-13 22:00 - Updated: 2026-04-13 22:00

Summary

ABB 800xA CI868 (für AC 800M) und PM877 (Symphony Plus MR): Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: 800xA ist ein Prozessleitsystem des Herstellers ABB zur Automatisierung verfahrenstechnischer Prozesse. Symphony Melody ist ein Prozessleitsystem des Herstellers ABB zur Automatisierung verfahrenstechnischer Prozesse.

Angriff: Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in ABB 800xA und ABB Symphony Melody ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - BIOS/Firmware - Sonstiges - UNIX - Windows

CVE-2025-3756

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
ABB Symphony Melody Plus MR PM 877 <3.53 ABB / Symphony Melody		Plus MR PM 877 <3.53
ABB 800xA AC800M CI868 <6.1.1 ABB / 800xA		AC800M CI868 <6.1.1
ABB 800xA AC800M CI868 <7.0 ABB / 800xA		AC800M CI868 <7.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://search.abb.com/library/Download.aspx?Docu…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "800xA ist ein Prozessleitsystem des Herstellers ABB zur Automatisierung verfahrenstechnischer Prozesse.\r\nSymphony Melody ist ein Prozessleitsystem des Herstellers ABB zur Automatisierung verfahrenstechnischer Prozesse.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in ABB 800xA und ABB Symphony Melody ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1086 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1086.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1086 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1086"
      },
      {
        "category": "external",
        "summary": "ABB Cybersecurity Advisory vom 2026-04-13",
        "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
      }
    ],
    "source_lang": "en-US",
    "title": "ABB 800xA CI868 (f\u00fcr AC 800M) und PM877 (Symphony Plus MR): Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2026-04-13T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-14T11:05:26.969+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1086",
      "initial_release_date": "2026-04-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "AC800M CI868 \u003c6.1.1",
                "product": {
                  "name": "ABB 800xA AC800M CI868 \u003c6.1.1",
                  "product_id": "T052737"
                }
              },
              {
                "category": "product_version",
                "name": "AC800M CI868 6.1.1",
                "product": {
                  "name": "ABB 800xA AC800M CI868 6.1.1",
                  "product_id": "T052737-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:abb:800xa:ac800m_ci868__6.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "AC800M CI868 \u003c7.0",
                "product": {
                  "name": "ABB 800xA AC800M CI868 \u003c7.0",
                  "product_id": "T052738"
                }
              },
              {
                "category": "product_version",
                "name": "AC800M CI868 7.0",
                "product": {
                  "name": "ABB 800xA AC800M CI868 7.0",
                  "product_id": "T052738-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:abb:800xa:ac800m_ci868__7.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "800xA"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Plus MR PM 877 \u003c3.53",
                "product": {
                  "name": "ABB Symphony Melody Plus MR PM 877 \u003c3.53",
                  "product_id": "T052739"
                }
              },
              {
                "category": "product_version",
                "name": "Plus MR PM 877 3.53",
                "product": {
                  "name": "ABB Symphony Melody Plus MR PM 877 3.53",
                  "product_id": "T052739-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:abb:symphony_melody:plus_mr_pm_877__3.53"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Symphony Melody"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-3756",
      "product_status": {
        "known_affected": [
          "T052739",
          "T052737",
          "T052738"
        ]
      },
      "release_date": "2026-04-13T22:00:00.000+00:00",
      "title": "CVE-2025-3756"
    }
  ]
}

CVE-2025-3756 (GCVE-0-2025-3756)

Vulnerability from cvelistv5 – Published: 2026-04-13 17:11 – Updated: 2026-04-13 18:03

Title

Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850

Summary

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation. The System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function. This issue affects AC800M (System 800xA): from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.

Severity

7.1 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1284 - Improper validation of specified quantity in input

Assigner

ABB

References

1 reference

URL	Tags
https://search.abb.com/library/Download.aspx?Docu…

Impacted products

4 products

Vendor	Product	Version
ABB	AC800M (System 800xA)	Affected: 6.0.0x , ≤ 6.0.0303.0 (custom) Affected: 6.1.0x , ≤ 6.1.0031.0 (custom) Affected: 6.1.1x , ≤ 6.1.1004.0 (custom) Affected: 6.1.1x , ≤ 6.1.1202.0 (custom) Affected: 6.2.0x , ≤ 6.2.0006.0 (custom)
ABB	Symphony Plus SD Series	Affected: A_0 (custom) Affected: A_1 (custom) Affected: A_2.003 (custom) Affected: A_3.005 (custom) Affected: A_4.001 (custom) Affected: B_0.005 (custom)
ABB	Symphony Plus MR (Melody Rack)	Affected: 3.10 , ≤ 3.52 (custom)
ABB	S+ Operations	Affected: 2.1 (custom) Affected: 2.2 (custom) Affected: 2.3 (custom) Affected: 3.3 (custom)

Credits

ABB thanks Hitachi Energy for sharing the information affecting a commonly used software component.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T18:02:41.810841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T18:03:41.437Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "CI868"
          ],
          "product": "AC800M (System 800xA)",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "6.0.0303.0",
              "status": "affected",
              "version": "6.0.0x",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.0031.0",
              "status": "affected",
              "version": "6.1.0x",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.1004.0",
              "status": "affected",
              "version": "6.1.1x",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.1202.0",
              "status": "affected",
              "version": "6.1.1x",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.2.0006.0",
              "status": "affected",
              "version": "6.2.0x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "CI850"
          ],
          "product": "Symphony Plus SD Series",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "A_0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "A_1",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "A_2.003",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "A_3.005",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "A_4.001",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "B_0.005",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "PM 877"
          ],
          "product": "Symphony Plus MR (Melody Rack)",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.52",
              "status": "affected",
              "version": "3.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.2",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2.3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "3.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB thanks Hitachi Energy for sharing the information affecting a commonly used software component."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eA vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp; \u0026nbsp;\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThis issue affects AC800M (System 800xA):\u0026nbsp;\u003cspan\u003efrom 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication interfaces of the PM 877, CI850 and CI868 modules into fault mode or causing unavailability of the S+ Operations 61850 connectivity, resulting in a denial-of-service situation.\u00a0\n\n\n\n\nThe System 800xA IEC61850 Connect is not affected. Note: This vulnerability does not impact on the overall availability and functionality of the S+ Operations node, only the 61850 communication function.\n\n\u00a0 \u00a0\n\n\n\nThis issue affects AC800M (System 800xA):\u00a0from 6.0.0x through 6.0.0303.0, from 6.1.0x through 6.1.0031.0, from 6.1.1x through 6.1.1004.0, from 6.1.1x through 6.1.1202.0, from 6.2.0x through 6.2.0006.0; Symphony Plus SD Series: A_0, A_1, A_2.003, A_3.005, A_4.001, B_0.005; Symphony Plus MR (Melody Rack): from 3.10 through 3.52; S+ Operations: 2.1, 2.2, 2.3, 3.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T17:11:08.412Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA020125\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service Vulnerabilities in System  800xA, Symphony\u00ae Plus IEC 61850",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2025-3756",
    "datePublished": "2026-04-13T17:11:08.412Z",
    "dateReserved": "2025-04-17T10:42:33.414Z",
    "dateUpdated": "2026-04-13T18:03:41.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1086

CVE-2025-3756 (GCVE-0-2025-3756)

Tags

Sightings

Nomenclature