## ABB EIBPORT Vulnerabilities Addressed with Firmware Update **ABB** has issued a security advisory regarding vulnerabilities in its EIBPORT building management system. The vulnerabilities, if exploited, could grant unauthorized access to sensitive data and allow modification of device configurations. [View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-03.json) ### Affected Products The following versions of ABB EIBPORT are affected: * EIBPORT V3 KNX (2CLA963710W1001) < 3.9.2 * EIBPORT V3 KNX (2CSM256242R2001) < 3.9.2 * EIBPORT V3 KNX GSM (2CLA963720W1001) < 3.9.2 ### Vulnerability Details The primary vulnerability identified is an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | CVSS | Vendor | Equipment | Vulnerabilities | | :----- | :----- | :------------- | :--------------------------------------------------------------------------- | | v3 8 | ABB | ABB EIBPORT | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ### Background * **Critical Infrastructure Sectors:** Critical Manufacturing, Information Technology * **Countries/Areas Deployed:** Worldwide * **Company Headquarters Location:** Switzerland ### Mitigation ABB recommends implementing standard security practices, including: * Physically protecting process control systems from unauthorized access. * Avoiding direct connections to the internet. * Separating control systems from other networks using firewalls with minimal port exposure. * Avoiding internet surfing, instant messaging, or email on control systems. * Scanning portable computers and removable storage media for viruses before connecting to a control system. ### Remediation Apply the latest firmware update (version 3.9.2 or later) to the affected EIBPORT devices. This update addresses the vulnerabilities by improving session management and hardening product configurations. ### Acknowledgements **Psytester** reported this vulnerability to ABB. ### CISA Recommendations The **Cybersecurity and Infrastructure Security Agency (CISA)** recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. * Locate control system networks and remote devices behind firewalls and isolate them from business networks. * When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.