View CSAF Summary ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents the actual access to the PLCs – unless it is disabled The following versions of ABB Automation Builder Gateway for Windows are affected: Automation Builder <2.9.0, 2.9.0 CVSS Vendor Equipment Vulnerabilities v3 5.3 ABB ABB Automation Builder Gateway for Windows Initialization of a Resource with an Insecure Default Background Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2024-41975 The gateway serves as a communication channel for various clients to AC500 PLCs.…