Skip to main content

ABB 800xA CVE-2025-13162

| EUVDEUVD-2025-210312 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2026-06-23 ABB GHSA-f2p3-r6h4-xx6j
4.1
CVSS 4.0 · Vendor: ABB
Share

Severity by source

Vendor (ABB) PRIMARY
4.1 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local-only attack path with high complexity for search path manipulation, low privilege required to write the DLL, user interaction required to trigger load; no confidentiality or availability impact per CWE-427 integrity-focused exploitation.

3.1 AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
4.0 AV:L/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (ABB).

CVSS VectorVendor: ABB

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
CVSS changed
Jun 23, 2026 - 18:22 NVD
4.4 (MEDIUM) 4.1 (MEDIUM)
Analysis Generated
Jun 23, 2026 - 17:05 vuln.today

DescriptionCVE.org

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master.

This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.

AnalysisAI

Uncontrolled Search Path Element (DLL hijacking) in ABB Control Builder A and 800xA for Advant Master enables a local low-privileged attacker to achieve high-integrity code execution on industrial engineering workstations. Affected versions span Control Builder A through 1.4/4 and 800xA for Advant Master through 6.2.0-1, covering multiple release branches of ABB's flagship OT automation suite. No public exploit or CISA KEV listing is identified at time of analysis, limiting immediate mass-exploitation risk, though OT environments running these ICS platforms warrant targeted patching prioritization given integrity-impact severity.

Technical ContextAI

CWE-427 (Uncontrolled Search Path Element) describes a class of vulnerability where an application resolves DLLs, executables, or libraries by searching directories in a user-controllable order - commonly known as DLL hijacking or binary planting on Windows. ABB Control Builder A (CPE: cpe:2.3:a:abb:control_builder_a) is an engineering tool for configuring ABB Advant Master distributed control systems. ABB 800xA for Advant Master (CPE: cpe:2.3:a:abb:800xa_for_advant_master) is the extended automation platform integrating legacy Advant Master DCS with the 800xA HMI and engineering environment. Both products run on Windows-based engineering workstations in industrial OT environments. The root cause is that the application trusts user-writable directories that appear earlier in the DLL search path than the intended system or application directories, allowing a planted malicious library to be loaded in place of a legitimate one.

RemediationAI

Consult ABB advisory document 7PAA020047 (https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch) for vendor-released patch guidance; no specific patched version numbers are confirmed in currently available intelligence, so 'Patch available per vendor advisory' is the most accurate characterization. While awaiting patching, apply compensating controls specific to DLL hijacking: restrict write permissions on directories in the application's DLL search path so that only SYSTEM and local administrators can write there, which reduces an attacker's ability to plant a malicious library. Enable Windows SafeDllSearchMode (registry: HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode=1) to ensure system directories are searched before user-writable locations. Monitor Windows Event Logs and endpoint detection tooling for unexpected DLL load events from non-standard paths within the ABB application process. Limit interactive logon access to engineering workstations to authorized ICS personnel only, reducing the pool of potential low-privilege local attackers. Note: restricting search path write access may require testing against application functionality if the product writes to those directories during normal operation.

Share

CVE-2025-13162 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy