Missing Authentication Vulnerability in ABB ALS-mini S4 and S8 IP Products
CVE-2025-9574
What is CVE-2025-9574?
CVE-2025-9574 is a critical vulnerability in the ABB ALS-mini S4 and S8 IP products, which are primarily used in industrial automation and process control systems. The flaw is a lack of authentication for crucial functions, which could allow unauthorized users to access and manipulate the devices without proper credentials. Because these products manage and control industrial operations, exploitation can lead to severe disruptions in critical infrastructure. The affected firmware versions are those with serial numbers ranging from 2000 to 5166, making a significant number of devices susceptible to attacks. The risk is particularly high because the absence of authentication mechanisms could facilitate unauthorized system control, data manipulation, or operational disruptions.
Potential impact of CVE-2025-9574
- Unauthorized Access and Control: Attackers could gain unauthorized access to the affected devices, leading to manipulation of operational settings or execution of malicious commands within industrial systems.
- Operational Disruption: Exploiting this vulnerability could result in significant disruptions to essential industrial processes, potentially causing downtime that could affect production schedules and lead to financial losses.
- Data Integrity Risks: The lack of authentication may allow malicious actors to alter or corrupt critical data, posing risks not only to the integrity of operational data but also to safety and compliance standards within the affected organizations.
Affected Version(s)
ALS-mini-s4 IP 0
ALS-mini-s8 IP 0
