Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
AnalysisAI
Authorization bypass in ABB T-MAC Plus version 4.0-24 allows adjacent-network attackers to perform unauthorized actions that compromise device integrity and availability without any credentials or user interaction. The flaw is an incorrect authorization weakness (CWE-863) carrying a CVSS 4.0 score of 7.2, and no public exploit identified at time of analysis. ABB itself disclosed the issue and published an advisory describing the affected firmware.
Technical ContextAI
T-MAC Plus is an ABB industrial measurement/automation device commonly deployed in operational technology (OT) and industrial control environments. CWE-863 (Incorrect Authorization) indicates that the device performs an authorization check but reaches the wrong conclusion - typically permitting actions a user or peer should not be allowed to take, rather than failing to check authorization entirely (which would be CWE-862). The CPE string cpe:2.3:a:abb:t-mac_plus identifies the affected firmware/application running on the device, and the CVSS attack vector of Adjacent (AV:A) indicates the flaw is reachable from the same logical Layer-2/Bluetooth/limited broadcast segment the device sits on, consistent with how field devices are typically networked.
RemediationAI
Patch availability is not explicitly enumerated in the provided intelligence - consult the ABB advisory at https://search.abb.com/library/Download.aspx?DocumentID=9AKK108472A7840&LanguageCode=en&DocumentPartId=&Action=Launch for the fixed firmware version and apply it during the next maintenance window using ABB's documented upgrade procedure. Until the patch is deployed, restrict logical network access to T-MAC Plus devices by placing them on a dedicated OT VLAN behind a firewall or data diode, enforce ISA/IEC 62443 zone-and-conduit segmentation so only engineering workstations on the same trusted segment can reach the device (trade-off: legitimate adjacent management tools must be allow-listed), and enable monitoring on the OT segment to alert on unexpected configuration or command traffic to the device (trade-off: increases SOC noise but provides detection in the absence of a patch). Avoid exposing the device to general corporate or wireless segments where attackers could gain adjacent-network reachability.
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500,
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI i
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilizat
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work f
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210047
GHSA-rpj2-8q6r-rm58