ABB building automation systems zero-day remote root flaws security flaw
Vulnerability
Summary
ABB-linked building automation systems in over 30 countries and 220 cities were found to contain 800+ vulnerabilities, including many zero-days and unauthenticated remote root exploits. The flaws create remote takeover risk for real-world infrastructure. ABB also issued fixes for some issues, including patches without CVEs.
Related Happenings
Vision Space's exploit-chaining analysis of space mission systems
Technical Analysis
First: 20.08.2025 21:16
Last: 20.08.2025 21:16
Sources 1
About this happening:
At **Black Hat USA 2025**, **Vision Space** disclosed chained flaws in **space mission systems** that could let an attacker seize mission control, issue **arbitrary spacecraft com...
Timeline
- 30.10.2025 23:37 · 2 articles · 6mo ago
Project Brainfog exposes more than 800 vulnerabilities in ABB-linked building automation systems
Initial Disclosure
Gjoko Krstic of Zero Science Lab disclosed the Project Brainfog findings, which identified more than 800 vulnerabilities, many of them zero-days, in building automation systems across over 30 countries and 220 cities. The exposed controller lineage traces back to an 18-year-old codebase originally written by American Auto-Matrix in 2008 and later acquired by Cylon Controls and ABB. The issues include backdoors, default credentials, buffer overflows, unencrypted firmware, and unauthenticated remote root exploits that could enable remote takeover of building systems.
- An 18-Year-Old Codebase Left Smart Buildings Wide Open — www.darkreading.com — 30.10.2025 23:37