CVE-2025-9574
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Red
Summary
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .
All firmware versions with the Serial Number from 2000 to 5166
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | ALS-mini-s4 IP | 0 | affected |
| ABB | ALS-mini-s8 IP | 0 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
Workarounds are specific measures that a user can take to help block an attack. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.
– Physically disconnect the ethernet port if embedded web server is not being used.
Impact of workaround
The embedded web server and all its functionalities, incl. load monitoring, alarms, remote configuration, etc. will not be accessible. However, the product will continue functioning as normal based on configured control parameters.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.