IronMonkey Threat Research

Freelance Security Lock - Access to Windows OS

MEDIUM
CVSS 6.6
Date 2026-06-10T00:30:00+00:00
Source abb-psirt
Published by ABB PSIRT

// Description

ABB is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or make the product inaccessible.

// Vulnerabilities (1)

CVE ID: CVE-2025-7064
CVSS Score: 6.6
Severity: medium
Description: An attacker is able to attack Freelance user management when Security Lock is enabled. The precondition is that the attacker bypasses Freelance Operations which blocks access to the Windows operating system. This bypass can be achieved via undocumented or special key combinations available on modern keyboards. These combinations may allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions.

// Remediations (2)

Mitigation: ABB recommends using Freelance Extended User Management instead of Security Lock. Freelance Extended User Management is based on Windows user accounts and is available for Freelance 2019 or higher. For Freelance 2016 and earlier, please refer to chapter “General Security Information”. A fix for Freelance Security Lock is in preparation and will be announced in this updated document. Refer to section “General security recommendations” for further advice on how to keep your system secure.

To reduce the likelihood of exploitation via keyboard shortcuts:
- disable unnecessary accessibility features
- use hardened OS configurations that suppress system-level shortcuts
- implement BIOS/UEFI-level restrictions on keyboard input during runtime

Workaround: Workarounds are specific measures that a user can take to help block an attack, for example, temporarily disabling the vulnerable feature may remove the exposure with well-known impact on functionality. ABB has tested the following workaround. Although this workaround will not correct the underlying vulnerability, it can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.

For Freelance 2019 and higher, ABB recommends using Freelance Extended User Management instead of Security Lock. For Freelance 2016 SP1 and older, no workaround is available.
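
To check the Windows side of the keyboard-shortcut recommendations in the mitigation above on an operator station, the following read-only PowerShell audit is an added example and not part of the ABB advisory. It assumes the relevant settings are the standard Windows accessibility hotkey flags and the Explorer/System shortcut policies of the logged-on account; the advisory itself does not name the key combinations involved.

```powershell
# Added example: read-only audit of keyboard-shortcut hardening for the current user.
# Assumption: the settings below are the ones relevant to the advisory's recommendations.
$HotkeyActive = 0x4   # SKF_/FKF_/TKF_HOTKEYACTIVE bit in each feature's Flags value

$accessibility = @(
    @{ Name = 'StickyKeys'; Path = 'HKCU:\Control Panel\Accessibility\StickyKeys' }
    @{ Name = 'FilterKeys'; Path = 'HKCU:\Control Panel\Accessibility\Keyboard Response' }
    @{ Name = 'ToggleKeys'; Path = 'HKCU:\Control Panel\Accessibility\ToggleKeys' }
)
$policies = @(
    @{ Name = 'NoWinKeys';      Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' }
    @{ Name = 'DisableTaskMgr'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$results = @(foreach ($a in $accessibility) {
    $raw = Get-RegValue -Path $a.Path -Name 'Flags'   # REG_SZ holding a decimal number
    $flags = 0
    $parsed = [int]::TryParse([string]$raw, [ref]$flags)
    [pscustomobject]@{
        Setting  = "$($a.Name) keyboard shortcut"
        Value    = $raw
        # A missing or unparsable value is reported as not hardened.
        Hardened = $parsed -and (($flags -band $HotkeyActive) -eq 0)
    }
})
$results += foreach ($p in $policies) {
    $raw = Get-RegValue -Path $p.Path -Name $p.Name   # REG_DWORD, 1 = restriction enabled
    [pscustomobject]@{ Setting = "$($p.Name) policy"; Value = $raw; Hardened = ($raw -eq 1) }
}

$results | Format-Table -AutoSize
if ($results.Hardened -contains $false) {
    Write-Warning 'One or more keyboard-shortcut settings are not hardened for this account.'
    exit 1
}
```

All values are read from HKCU, so run the script in the session of the account that operates Freelance Operations rather than as an administrator.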
