The volume of disclosed vulnerabilities in building automation, SCADA, and ICS-adjacent products reached a new high in 2025, with internet-exposed management interfaces as the dominant attack surface.
Across the year, Zero Science Lab published over 120 advisories covering products from ABB, Honeywell, Schneider Electric, JUNG, and dozens of smaller vendors. The majority of findings fell into three categories: authentication bypass, command injection, and path traversal.
A recurring pattern emerged: web-based management interfaces deployed on building management systems (BMS) with factory-default credentials, no rate limiting, and direct exposure to the internet via misconfigured firewalls or intentional remote-access setups.
Several trends defined the year:
The convergence of IT and OT networks continues to expand the attack surface. As more building automation products ship with cloud connectivity and mobile management apps, the number of externally reachable control interfaces will only grow. Coordinated disclosure remains the most effective mechanism for driving remediation in this space.