PatchSiren cyber security CVE debrief

CVE-2024-48841 ABB CVE debrief

CVE-2024-48841 is a critical ABB FLXEON controller vulnerability that allows network-based execution of arbitrary code with elevated privileges. The advisory affects FLXEON products at firmware 9.3.4 and earlier, with CISA listing FBXi, FBVi, FBTi, and CBXi firmware as impacted. ABB and CISA recommend immediate exposure reduction and firmware upgrade to 9.3.5 or later.

Vendor: ABB
Product: FLXEON Controllers
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-01-23
Original CVE updated: 2025-02-14
Advisory published: 2025-01-23
Advisory updated: 2025-02-14

Who should care

OT/ICS operators, plant engineers, security teams, and integrators responsible for ABB FLXEON deployments—especially systems exposed to the internet, reachable through NAT port forwarding, or used for remote access.

Technical summary

The supplied advisory describes a network-accessible arbitrary code execution flaw with elevated privileges. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) indicates remote exploitation without authentication or user interaction, with potential impact across confidentiality, integrity, and availability. CISA’s CSAF advisory ties the issue to ABB FLXEON family products and explicitly lists FBXi, FBVi, FBTi, and CBXi firmware versions <= 9.3.4 as affected.

Defensive priority

Immediate

Recommended defensive actions

  • Upgrade all affected FLXEON products to firmware 9.3.5 or above.
  • Stop and disconnect any FLXEON products exposed directly to the internet, including via direct ISP connections or NAT port forwarding.
  • Restrict remote access to secure methods only; if VPN is used, ensure it is fully updated and configured for secure access.
  • Verify physical access controls so unauthorized personnel cannot access devices, components, peripheral equipment, or networks.
  • Inventory ABB FLXEON deployments and confirm whether FBXi, FBVi, FBTi, or CBXi firmware versions are at or below 9.3.4.
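The last two actions, checking every FLXEON device against the <= 9.3.4 cut-off and identifying units reachable from the internet, are easy to get subtly wrong when firmware strings are compared as text (a plain string compare ranks "9.3.10" below "9.3.5"). The script below is an added example, not code from ABB, CISA or PatchSiren: it compares versions numerically, applies the advisory's affected-family list and cut-off, and ranks each device by whether it is both affected and exposed. The device names, the exposure labels and the inventory itself are constructed sample data.

```python
"""Firmware-inventory triage for the ABB FLXEON advisory (CVE-2024-48841).

Added example; not ABB, CISA or PatchSiren code. The inventory below is
constructed sample data, not a real site survey.
"""
from dataclasses import dataclass
from typing import List, Tuple

AFFECTED_MAX = "9.3.4"   # firmware <= 9.3.4 is affected (from the advisory)
FIXED_MIN = "9.3.5"      # remediation: upgrade to 9.3.5 or above
AFFECTED_FAMILIES = {"FBXi", "FBVi", "FBTi", "CBXi"}   # families listed by CISA
# The two exposure paths the advisory tells operators to remove.
EXPOSED = {"internet_direct", "nat_forward"}


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '9.3.4' into (9, 3, 4) so comparisons are numeric, not lexical."""
    parts = ver.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {ver!r}")
    return tuple(int(p) for p in parts)


def is_affected(model: str, firmware: str) -> bool:
    """True when the device is a listed family running firmware <= 9.3.4.

    Tuple comparison handles shorter strings ('9.3' sorts below '9.3.4');
    a fourth build component, if a site uses one, is compared as given.
    """
    return (model in AFFECTED_FAMILIES
            and parse_version(firmware) <= parse_version(AFFECTED_MAX))


@dataclass(frozen=True)
class Device:
    name: str       # constructed label (hypothetical site naming)
    model: str      # FBXi / FBVi / FBTi / CBXi
    firmware: str   # firmware version string as read from the device
    exposure: str   # internet_direct, nat_forward, vpn or isolated


def triage(inventory: List[Device]) -> List[Tuple[str, int, str]]:
    """Return (name, priority, action) for every device needing work.

    P1: affected and internet-reachable (disconnect first, then upgrade).
    P2: affected but not reachable (schedule the upgrade).
    P3: already on >= 9.3.5 but still reachable (remove the exposure;
        the advisory says to disconnect exposed units regardless of version).
    """
    findings = []
    for d in inventory:
        affected = is_affected(d.model, d.firmware)
        exposed = d.exposure in EXPOSED
        if affected and exposed:
            findings.append((d.name, 1,
                             f"affected and internet-reachable: disconnect now, then upgrade to >= {FIXED_MIN}"))
        elif affected:
            findings.append((d.name, 2, f"affected firmware: schedule upgrade to >= {FIXED_MIN}"))
        elif exposed:
            findings.append((d.name, 3, "patched but internet-reachable: remove direct exposure"))
    findings.sort(key=lambda f: (f[1], f[0]))
    return findings


# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = [
    Device("plant-a-fbxi-01", "FBXi", "9.3.4", "nat_forward"),      # affected + exposed
    Device("plant-a-fbvi-02", "FBVi", "9.3.5", "isolated"),         # clean
    Device("plant-b-cbxi-01", "CBXi", "9.3.10", "vpn"),             # 9.3.10 > 9.3.4: not affected
    Device("plant-b-fbti-03", "FBTi", "9.2.0", "isolated"),         # affected, not exposed
    Device("plant-c-fbxi-04", "FBXi", "9.3.5", "internet_direct"),  # patched but exposed
]

if __name__ == "__main__":
    for name, prio, action in triage(SAMPLE_INVENTORY):
        print(f"P{prio} {name}: {action}")
```

Running the script prints one line per device that needs attention, ordered by priority; the "9.3.10" device is correctly left out, which is the case a string comparison would misreport.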

Evidence notes

Primary evidence comes from CISA’s CSAF advisory ICSA-25-051-02 for ABB FLXEON Controllers, published 2025-01-23 and revised 2025-02-14. The advisory text states: 'Network access can be used to execute arbitrary code with elevated privileges' and identifies affected firmware as <= 9.3.4. The remediation section directs users to upgrade to 9.3.5 or above and to remove direct internet exposure. The revision history notes a later correction in the CWE entry.

Official resources

CISA published the advisory on 2025-01-23 and updated it on 2025-02-14; the advisory’s published date is the correct timing reference for this CVE.