CVE-2025-7745: CWE-126: Buffer Over-read in ABB AC500 V2

Medium
Tags: Vulnerability, CVE-2025-7745, cve, cve-2025-7745, cwe-126
Published: Thu Jul 24 2025 (07/24/2025, 07:09:11 UTC)
Source: CVE Database V5
Vendor/Project: ABB
Product: AC500 V2

Description

Buffer Over-read vulnerability in ABB AC500 V2. This issue affects AC500 V2: through 2.5.2.

AI-Powered Analysis

Last updated: 07/24/2025, 07:47:55 UTC

Technical Analysis

CVE-2025-7745 is a medium-severity buffer over-read vulnerability identified in ABB's AC500 V2 programmable logic controller (PLC) product line, affecting versions up to 2.5.2. The vulnerability is classified under CWE-126, which involves reading data beyond the intended buffer boundaries. This flaw can occur when the software attempts to read more data than allocated in a buffer, potentially exposing sensitive information or causing unexpected behavior. The CVSS 3.1 base score is 5.8, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C). The impact is limited to confidentiality (C:L), with no impact on integrity or availability. The vulnerability does not require authentication or user interaction, making it remotely exploitable by an unauthenticated attacker over the network. However, no known exploits are currently reported in the wild, and no patches have been linked yet. Given the nature of buffer over-read, attackers might be able to read sensitive memory contents, which could include configuration data or other information that might aid further attacks or reconnaissance. The affected product, ABB AC500 V2, is widely used in industrial control systems (ICS) and critical infrastructure automation, making this vulnerability particularly relevant to operational technology (OT) environments.

Potential Impact

For European organizations, especially those operating in critical infrastructure sectors such as energy, manufacturing, water treatment, and transportation, this vulnerability poses a risk of information leakage from industrial control systems. Although the vulnerability does not directly allow for system takeover or disruption, the confidentiality breach could facilitate further targeted attacks by revealing sensitive operational details or credentials. The exposure of such information could undermine the security posture of ICS environments, potentially leading to more severe attacks. Given the increasing integration of ICS with corporate networks and remote access capabilities, the risk of exploitation is amplified. The lack of required privileges and user interaction means attackers can attempt exploitation remotely, increasing the threat surface. European organizations relying on ABB AC500 V2 PLCs should consider this vulnerability seriously, as it could be leveraged in multi-stage attacks against critical infrastructure.

Mitigation Recommendations

1. Immediate network segmentation: Isolate ABB AC500 V2 devices from general IT networks and restrict access to trusted management networks only.
2. Implement strict firewall rules and access control lists (ACLs) to limit network exposure of the affected PLCs, allowing only necessary communication from authorized sources.
3. Monitor network traffic for unusual or unauthorized access attempts targeting ABB AC500 V2 devices, using IDS/IPS systems tuned for ICS protocols.
4. Apply vendor patches promptly once available; coordinate with ABB support channels to obtain updates or workarounds.
5. Conduct regular security audits and vulnerability assessments on ICS environments to identify and remediate similar issues proactively.
6. Employ defense-in-depth strategies such as multi-factor authentication for remote access and robust logging to detect potential exploitation attempts.
7. Train ICS operators and security personnel on recognizing signs of exploitation and maintaining secure configurations of PLC devices.

Technical Details

Data Version: 5.1
Assigner Short Name: ABB
Date Reserved: 2025-07-17T08:40:39.666Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6881e19dad5a09ad003124d0

Added to database: 7/24/2025, 7:32:45 AM

Last enriched: 7/24/2025, 7:47:55 AM

Last updated: 7/26/2025, 12:34:14 AM