Unverified Password Change Vulnerability in ANC Software by ABB
CVE-2024-47784
2.1 LOW
What is CVE-2024-47784?
The ANC software by ABB contains a vulnerability that allows authenticated users to bypass the old password verification step when changing their passwords through the web HMI. This flaw can lead to unauthorized access, as attackers may exploit it to change passwords without the correct old password, thereby compromising user accounts and associated data. It is essential for users to apply available patches and update to versions beyond 1.1.4 to mitigate this risk.
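The flaw class described above, shown as an added Python example beside its hardened form. This is not ABB's code, and the ANC implementation is not shown on this page. `AccountStore`, both `change_password_*` functions and the sample account are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """In-memory credential store standing in for a web HMI user database."""
    def __init__(self):
        self._users = {}

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt))

    def check_password(self, user: str, password: str) -> bool:
        salt, stored = self._users[user]
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(stored, _hash(password, salt))

def change_password_unverified(store, session_user, new_password):
    """Flawed pattern: a valid session alone authorizes the change."""
    store.set_password(session_user, new_password)
    return True

def change_password_verified(store, session_user, old_password, new_password):
    """Hardened pattern: the server re-checks the current password first."""
    if not isinstance(old_password, str) or not old_password:
        return False  # a missing or empty field must not skip the check
    if not store.check_password(session_user, old_password):
        return False
    store.set_password(session_user, new_password)
    return True

def demo():
    store = AccountStore()
    store.set_password("operator", "Orig-Pass-1")  # constructed sample account
    # Request from an authenticated session that does not know the old password.
    rejected = change_password_verified(store, "operator", "guess", "New-Pass-2")
    still_original = store.check_password("operator", "Orig-Pass-1")
    accepted = change_password_unverified(store, "operator", "New-Pass-2")
    taken_over = store.check_password("operator", "New-Pass-2")
    return rejected, still_original, accepted, taken_over

if __name__ == "__main__":
    print(demo())
```

The check belongs on the server side of the password-change endpoint; a client-side form field that is never validated by the server gives the same result as the unverified handler.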
Affected Version(s)
ANC 0 <= 1.1.4
ANC-L 0 <= 1.1.4
ANC-mini 0 <= 1.1.4