CVE-2025-14774: ABB T-MAC Plus Denial-of-Service Vulnerability (CVSS 7.4)
CVE-2025-14774 is a flaw in ABB T-MAC Plus (version 4.0-24) where access control is not properly enforced, allowing an attacker on the same network to disrupt system availability without needing credentials or user interaction. The vulnerability has a CVSS score of 7.4 (HIGH) and is classified as an incorrect authorization issue.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.4 HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-863
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-03 / 2026-06-17
NVD description (verbatim)
Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from improper authorization checks (CWE-863) in ABB T-MAC Plus 4.0-24. An attacker positioned on an adjacent network segment (AV:A) can exploit this flaw with low complexity to trigger a denial-of-service condition. The attack requires no authentication (PR:N) or user action (UI:N), but affects only system availability (A:H) with no confidentiality or integrity impact. The scope is changed (S:C), meaning the vulnerability may impact other resources beyond the vulnerable component itself.
Business impact
Availability disruption of ABB T-MAC Plus systems can interrupt critical industrial control or automation processes that depend on this software. Organizations running T-MAC Plus should assess whether downtime would affect production schedules, safety systems, or customer-facing services. The network-adjacent attack vector means risk is primarily from internal or supply-chain connected threat actors rather than internet-facing exposure.
Affected systems
ABB T-MAC Plus version 4.0-24 is affected. Organizations should inventory systems running this specific version. Verify whether earlier or later versions of T-MAC Plus are present in your environment—patch availability and scope of affected versions should be confirmed through ABB's official advisory documentation.
Exploitability
The attack is relatively straightforward to execute once an attacker is on the local network segment. No authentication, sophisticated tooling, or user interaction is required. The barrier to exploitation is low complexity, though the attacker must first gain network adjacency (e.g., through VPN, compromised internal system, or physical access to the network). This is not an internet-exposed attack vector but a credible internal threat scenario.
Remediation
Apply the security update issued by ABB for T-MAC Plus. Verify the patch version number and deployment steps in the vendor's advisory. If a patch is not yet available, implement network segmentation to restrict access to T-MAC Plus systems from untrusted internal or external networks. Consider isolating the system to a management VLAN or limiting ingress to known administrative sources.
Patch guidance
Check ABB's official security bulletin for T-MAC Plus to identify the patched version that resolves CVE-2025-14774. Follow ABB's documented testing and rollout procedures to minimize downtime. Test the patch in a non-production environment first, particularly if T-MAC Plus is critical to operations. Document the patching activity and verify the fix using ABB's recommended validation steps.
Detection guidance
Monitor for denial-of-service patterns against T-MAC Plus systems, particularly from internal or adjacent network sources. Log and alert on failed authorization attempts or anomalous access attempts from network-adjacent devices. Implement network IDS/IPS signatures (if available from your security vendor) that detect exploitation attempts. Review firewall and access control logs for unexpected traffic to T-MAC Plus management or data ports.
Why prioritize this
This vulnerability merits near-term remediation due to its HIGH severity score, ease of exploitation once network access is achieved, and potential to disrupt availability of industrial automation systems. While the network-adjacent requirement limits exposure compared to internet-facing flaws, the low complexity of the attack and broad scope impact justify rapid patching. Prioritize systems in production environments or those supporting safety-critical operations.
Risk score, explained
The CVSS 7.4 (HIGH) score reflects the combination of low attack complexity, no authentication required, and high availability impact. The network-adjacent vector (AV:A) prevents a perfect score but does not reduce urgency for internal defenders, as most industrial environments assume some insider threat or lateral movement risk. The changed scope means collateral impact is possible, increasing operational risk.
Frequently asked questions
Why does this vulnerability require network adjacency? Can it be exploited remotely over the internet?
The attack vector is restricted to adjacent network segments (AV:A), meaning the attacker must be on the same network link or a directly connected network. This is common in industrial control settings where systems are typically accessed via VPN or internal connections rather than exposed directly to the internet. Remote exploitation is not possible unless the attacker first compromises another system on the internal network.
Does this vulnerability allow unauthorized users to read sensitive data or modify system settings?
No. The vulnerability has no confidentiality (C:N) or integrity (I:N) impact. It causes denial-of-service only (A:H). An attacker cannot steal data or change configuration; they can only disrupt availability. This limits the attack surface but does not reduce the urgency of remediation if T-MAC Plus uptime is critical to operations.
Is this vulnerability actively exploited in the wild?
CVE-2025-14774 is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning there is no confirmed evidence of active exploitation. However, the low complexity of the attack means it could be exploited opportunistically by motivated threat actors once the vulnerability is public or disclosed internally.
What steps should I take if I cannot patch immediately?
Implement network segmentation to restrict access to T-MAC Plus systems. Limit connectivity to authorized administrative sources only. Monitor for anomalous access patterns and denial-of-service indicators. Maintain incident response procedures in case availability is disrupted. Contact ABB support for estimated patch timeline and interim mitigations specific to your deployment.
This analysis is based on published CVE data and vendor information current as of the date of this page. Patch versions, availability dates, and detailed remediation steps must be verified against ABB's official security advisories. Organizations should conduct their own risk assessment based on their specific T-MAC Plus deployment, network architecture, and operational criticality. SEC.co does not provide legal or compliance advice; consult your legal and compliance teams regarding disclosure and remediation timelines for your organization. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2025-32348HIGHAndroid Local Privilege Escalation via Missing Permission Check
- CVE-2026-3514HIGHPrefect 3.6.19 Authentication Bypass via Health Check Exemptions
- CVE-2026-35482HIGHalf.io Sandbox Escape Allows Admin Command Execution
- CVE-2026-35674HIGHOpenClaw Gateway Scope Bypass Privilege Escalation
- CVE-2026-10211MEDIUMAstrBot 4.23.6 Path Normalization Authorization Bypass
- CVE-2026-10616MEDIUMAuthorization Bypass in nextlevelbuilder GoClaw Task Completion
- CVE-2026-10815MEDIUMAuthorization Bypass in Hostel Management System PHP
- CVE-2026-10860MEDIUMMISP Delete Validation Bypass – Logic Error in HTTP DELETE Handler