Skip to main content

ABB T-MAC Plus CVE-2025-14772

| EUVDEUVD-2025-210051 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-03 ABB GHSA-vc9h-72v9-5249
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jun 03, 2026 - 11:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 03, 2026 - 11:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 03, 2026 - 11:22 vuln.today
cvss_changed
CVSS changed
Jun 03, 2026 - 11:22 NVD
8.8 (HIGH) 7.3 (HIGH)
Analysis Generated
Jun 03, 2026 - 11:00 vuln.today

DescriptionCVE.org

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.

This issue affects T-MAC Plus: 4.0-24.

AnalysisAI

Authorization bypass in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw scores CVSS 7.3 with high impact to integrity and availability, and no public exploit identified at time of analysis. The vulnerability was reported by the vendor (ABB) itself, indicating coordinated disclosure rather than incident-driven discovery.

Technical ContextAI

ABB T-MAC Plus is an industrial energy and power-quality monitoring/measurement device produced by ABB, typically deployed in operational technology (OT) and electrical-distribution environments. The root cause is CWE-639 (Authorization Bypass Through User-Controlled Key), a class of insecure direct object reference (IDOR) where the application uses an identifier supplied by the requester (such as a numeric record ID, account ID, or resource handle in a URL or parameter) to fetch data without verifying that the requesting session is actually authorized to access that specific object. The CPE 'cpe:2.3:a:abb:t-mac_plus:*' confirms the application-tier T-MAC Plus product is affected, and the CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:L/UI:N) indicates the flaw is reachable over the network by an already-authenticated low-privilege user, with an additional attack requirement (AT:P) suggesting a precondition such as knowing or enumerating another resource identifier.

RemediationAI

Consult the ABB security advisory at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840&LanguageCode=en&DocumentPartId=&Action=Launch for the vendor-recommended fixed firmware or software release; the input data does not contain an independently confirmed fix version, so treat the advisory as the authoritative patch source (patch available per vendor advisory). Until the upgrade can be staged, place T-MAC Plus devices behind a strict network segmentation boundary so that the management interface is reachable only from a dedicated jump host or engineering workstation (trade-off: legitimate remote monitoring workflows will need to traverse the jump host); rotate and restrict low-privilege accounts to the minimum personnel needed, since exploitation requires PR:L access; and enable application-layer logging of object-access requests so anomalous ID enumeration can be detected. Avoid exposing the device's HTTP/management endpoints to corporate or internet networks, which removes the network attack vector entirely at the cost of losing remote access.

More in Abb

View all
CVE-2012-0245 CRITICAL
10.0 Mar 09

Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used

CVE-2024-6298 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2024-6209 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2017-17888 HIGH POC
8.8 Dec 27

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500,

CVE-2019-7225 HIGH POC
8.8 Jun 27

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI i

CVE-2019-7226 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a

CVE-2019-7228 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high

CVE-2019-7232 HIGH POC
8.8 Jun 24

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high

CVE-2019-7230 HIGH POC
8.8 Jun 24

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (

CVE-2024-4007 HIGH POC
8.7 Jul 01

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t

CVE-2019-7229 HIGH POC
8.3 Jun 24

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilizat

CVE-2019-18997 HIGH POC
7.5 Dec 18

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work f

Share

CVE-2025-14772 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy