Sensitive Query Strings Vulnerability in ABB ANC Products
CVE-2024-9877

5.3MEDIUM

Key Information:

Vendor: Abb
Status: Anc; Anc-l; Anc-mini
Vendor: CVE Published:; 30 April 2025

What is CVE-2024-9877?

A vulnerability exists in ABB's ANC products that allows an attacker to exploit sensitive information transmitted via the GET request method. This issue can potentially expose private data contained in query strings, impacting user confidentiality and security. The affected versions include ANC through 1.1.4, ANC-L through 1.1.4, and ANC-mini through 1.1.4. Users are encouraged to review their configurations and ensure sensitive data is handled securely.

Affected Version(s)

ANC 0 <= 1.1.4

ANC-L 0 <= 1.1.4

ANC-mini 0 <= 1.1.4

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Oct 11, 2024

Abb

What is CVE-2024-9877?

Affected Version(s)

References

CVSS V4

Timeline