ABB Zenon Remote Service Flaw Allows Unauthenticated Reboots

CISA released an advisory on May 26, 2026, concerning a vulnerability in the ABB Ability™ Zenon Remote Transport Service (Advisory code: ICSA-26-146-03). This vulnerability allows unauthorized access to the Reboot OS function, enabling attackers to reboot the system without authentication. However, exploitation requires prior network access. Affected versions include ABB Ability™ Zenon from >=7.50 to <=14. The CVSS score for this vulnerability is 7.5, classified as high severity. Recommendations include restricting network access and assessing the necessity of the Remote Transport functionality.