THE CISA advisory ICSA-26-146-02, released on May 26, 2026, addresses vulnerabilities in the ABB AC500 V2, specifically versions 2.5.2 and 2.5.3. An attacker could exploit this vulnerability to access fragments of Modbus telegrams sent by the PLC. The advisory ranks the CVSS score at 5.8, indicating medium severity.
The document highlights the affected sectors, including Critical Manufacturing and Energy, and recommends users minimize network exposure, use secure remote access, and implement cybersecurity strategies to mitigate risks. ABB has provided fixes in firmware version 2.5.3 and later. For further details, users are directed to existing CISA resources and recommendations.