CVE-2025-9574

Summary

Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . 

All firmware versions with the Serial Number from 2000 to 5166

Affected Software

VendorProductVersion RangeStatus
ABBALS-mini-s4 IP0affected
ABBALS-mini-s8 IP0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Workarounds are specific measures that a user can take to help block an attack. ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors. When a workaround reduces functionality, this is identified below as “Impact of workaround”.

– Physically disconnect the ethernet port if embedded web server is not being used.

Impact of workaround

The embedded web server and all its functionalities, incl. load monitoring, alarms, remote configuration, etc. will not be accessible. However, the product will continue functioning as normal based on configured control parameters.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References