By vendor
Abb vulnerabilities
Known CVEs affecting Abb products, prioritized by severity, with SEC.co remediation and detection guidance.
3 published vulnerabilities
- CVE-2025-14772HIGH 8.8
CVE-2025-14772 is an authorization bypass flaw in ABB T-MAC Plus versions up to 4.0-24 that allows authenticated users to escalate their privileges beyond their intended permissions. An attacker who has already gained login credentials can manipulate user-controlled keys to circumvent access controls, gaining unauthorized access to sensitive functions or data they should not be able to reach. This is a post-authentication vulnerability requiring valid credentials to exploit, but poses significant risk because privilege escalation enables lateral movement and further system compromise within industrial control environments where T-MAC Plus is deployed.
- CVE-2025-14773HIGH 8.0
ABB T-MAC Plus versions up to 4.0-24 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts into web pages. When another user views a page containing the injected script, the script executes in their browser with their privileges, potentially enabling attackers to steal sensitive information, hijack sessions, or perform unauthorized actions on behalf of victims. The vulnerability requires both user authentication and victim interaction, limiting but not eliminating its risk in multi-user environments.
- CVE-2025-14774HIGH 7.4
CVE-2025-14774 is a flaw in ABB T-MAC Plus (version 4.0-24) where access control is not properly enforced, allowing an attacker on the same network to disrupt system availability without needing credentials or user interaction. The vulnerability has a CVSS score of 7.4 (HIGH) and is classified as an incorrect authorization issue.