ABB Cylon FLXeon: Default Passwords Leave Smart Buildings Vulnerable!

ABB Cylon FLXeon controllers are a marvel of modern building automation, except when they hand over the keys to the castle with weak default credentials. Hackers could have a field day, turning your smart building into a smart-alec. Time to change those passwords before your HVAC starts throwing its own house party!

Hot Take:

In an era where passwords are as precious as gold, ABB decided to go with the “password123” approach for their FLXeon series. It’s like leaving your front door wide open with a “Welcome!” mat that hackers absolutely adore. Well, at least they’re keeping the cybercriminals employed!

Key Points:

  • ABB Cylon FLXeon controllers have default credentials that are weak and easily guessable.
  • These credentials can be exploited in remote password attacks to gain system control.
  • The affected series includes FLXeon, CBX, CBT, CBV, and UC32.
  • The vulnerability was discovered by Gjoko ‘LiquidWorm’ Krstic from Zero Science Lab.
  • The issue affects firmware version 9.3.4 and earlier.
