ABB Flaw Lets Hackers Seize Control of Load Devices

ABB has confirmed a critical security flaw in its ALS-mini-S4 and S8 IP intelligent load controllers, exposing energy infrastructure to serious risk. Tracked as CVE-2025-9574 and rated 9.9 on the CVSS scale, the vulnerability stems from missing authentication, allowing remote attackers to gain admin-level access without credentials. The ABB flaw lets hackers fully control these end-of-life devices, which are still in use across various industrial environments.

The affected controllers, no longer supported by ABB, remain active in critical systems, heightening the threat posed by this exploit. Despite the lack of a patch for these legacy products, operators must urgently assess exposure and isolate vulnerable units. The ABB flaw lets hackers bypass all access controls, making detection and prevention challenging without additional network safeguards.

Security researchers also flagged several other vulnerabilities, including CVE-2025-11371 and CVE-2025-27915, further emphasizing the need for immediate action.

Read the full report here:

Critical ABB Flaw (CVE-2025-9574, CVSS 9.9) Exposes EoL Load Controllers to Unauthenticated Admin Access
