Description
Authentication bypass by primary weakness vulnerability in ABB Freelance.

This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.
Published: 2026-06-11
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an authentication bypass flaw in ABB Freelance that allows an attacker to gain unauthorized access to the Windows operating system. This primary weakness can enable an attacker to execute actions with the privileges of the affected user or system account, compromising the confidentiality, integrity, and availability of the system. The flaw arises from a failure to enforce proper authentication checks. The associated weakness is CWE-305 (Authentication Bypass by Primary Weakness).

Affected Systems

The flaw affects ABB Freelance versions through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. Users running any of these releases are potentially susceptible to the authentication bypass.

Risk and Exploitability

The CVSS score is 5.6, indicating a moderate severity and reflecting the risk of unauthorized access. EPSS data is not available, so the current exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, which suggests that there is no publicly known exploitation in the wild. Based on the nature of the flaw, the likely attack vector is remote, as an attacker could target the Freelance service over the network if it is exposed. If the service is reachable, the vulnerability could be leveraged to bypass authentication controls and gain unauthorized access to the Windows OS.

Generated by OpenCVE AI on June 11, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download the latest security update or patch that fixes the authentication bypass flaw from ABB's official website.
  • Apply the patch.
  • If no patch is available, restrict network access to the Freelance application by configuring firewall rules or isolating it from the untrusted network until remediation can be applied.
  • Enforce strong, unique administrative passwords and enable multi-factor authentication if the product supports it, to reduce the likelihood of successful unauthorized access.

Generated by OpenCVE AI on June 11, 2026 at 11:50 UTC.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Abb; Abb freelance
Vendors & Products | | Abb; Abb freelance

Thu, 11 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.
Title | | Freelance Security Lock – Access to Windows OS
Weaknesses | | CWE-305
References | |
Metrics | | cvssV3_1 {'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}; cvssV4_0 {'score': 5.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P/AU:N/R:U/V:D/RE:L/U:Green'}


MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-06-11T12:43:52.186Z

Reserved: 2025-07-04T09:09:57.969Z

Link: CVE-2025-7064

Vulnrichment

Updated: 2026-06-11T12:43:48.345Z

NVD

Status: Deferred

Published: 2026-06-11T10:16:21.053

Modified: 2026-06-11T15:28:44.720

Link: CVE-2025-7064

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:18:22Z

Weaknesses
  • CWE-305

    Authentication Bypass by Primary Weakness