PatchSiren cyber security CVE debrief
CVE-2024-48849 ABB CVE debrief
CVE-2024-48849 is a critical ABB advisory affecting FLXEON-controller family products and related firmware versions at or below 9.3.4. CISA published the advisory on 2025-01-23 and later revised it on 2025-02-14. The issue is described as insufficient session management to prevent unauthorized HTTPS requests, which can expose affected systems to unauthorized actions over the network. The source remediation directs owners to upgrade to firmware 9.3.5 or later and to remove direct Internet exposure, including NAT port forwarding.
- Vendor: ABB
- Product: FLXEON Controllers
- CVSS: CRITICAL 9.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-23
- Original CVE updated: 2025-02-14
- Advisory published: 2025-01-23
- Advisory updated: 2025-02-14
Who should care
OT/ICS operators, ABB FLXEON asset owners, control-system administrators, remote-access/VPN administrators, and security teams responsible for industrial controller patching and network segmentation.
Technical summary
The advisory describes a session-management weakness that could allow unauthorized HTTPS requests against affected ABB FLXEON-related firmware. The supplied CVSS score is 9.4 (Critical), with network attack conditions, no privileges required, no user interaction, and potential high integrity and availability impact. The affected product list in the CSAF advisory includes FBXi, FBVi, FBTi, and CBXi firmware versions <= 9.3.4.
Defensive priority
Immediate for any exposed or remotely accessible deployment; high priority for all affected firmware versions <= 9.3.4.
Recommended defensive actions
- Upgrade affected ABB firmware to version 9.3.5 or above as directed by the vendor.
- Remove any direct Internet exposure, including direct ISP connections and NAT port forwarding, for affected FLXEON products.
- Use only secure remote-access methods; if VPN is required, keep it updated and configured for secure access.
- Enforce physical access controls so unauthorized personnel cannot access devices, peripherals, or the supporting network.
- Confirm which ABB FLXEON-family devices are deployed in your environment and verify their firmware versions against the advisory.
- Apply CISA ICS defense-in-depth and recommended-practices guidance for segmentation, access control, and remote access to OT assets.
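The inventory check in the steps above is easy to get wrong when firmware versions are compared as strings ("9.3.10" sorts before "9.3.4" lexicographically). The following script is an added example, not ABB or CISA tooling: it parses version strings numerically, flags FLXEON-family devices whose firmware is at or below 9.3.4, and ranks them by whether the advisory's second finding (direct Internet exposure or NAT port forwarding) also applies. The inventory record format and the sample device list are assumptions constructed for the example.

```python
"""Triage an ABB FLXEON-family inventory against the ICSA-25-051-02 affected
range (firmware <= 9.3.4, remediated in 9.3.5) and the advisory's exposure
advice. The inventory record layout is an assumption made for this example."""
from typing import Dict, List, Tuple

# Product names and version boundary as stated in the advisory
AFFECTED_MODELS = {"FBXi", "FBVi", "FBTi", "CBXi"}
LAST_AFFECTED = (9, 3, 4)


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert '9.3.4' into (9, 3, 4) so versions compare numerically.
    Comparing raw strings is wrong: '9.3.10' < '9.3.4' as text."""
    core = text.strip().split("-")[0]  # drop a build suffix such as '-rc1' (assumed format)
    fields = core.split(".")
    if not 1 <= len(fields) <= 3 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised firmware version {text!r}")
    nums = [int(f) for f in fields] + [0] * (3 - len(fields))  # pad '9.3' to (9, 3, 0)
    return tuple(nums)


def is_affected(model: str, firmware: str) -> bool:
    """True when the device is an advisory-listed model running firmware <= 9.3.4."""
    return model in AFFECTED_MODELS and parse_version(firmware) <= LAST_AFFECTED


def triage(inventory: List[Dict]) -> Dict[str, List[str]]:
    """Bucket devices by remediation urgency:
      immediate  - affected firmware AND reachable from the Internet
      high       - affected firmware, not Internet-exposed
      unaffected - fixed firmware, or a model outside the advisory
      unknown    - firmware string could not be parsed; verify by hand
    """
    buckets: Dict[str, List[str]] = {"immediate": [], "high": [], "unaffected": [], "unknown": []}
    for dev in inventory:
        try:
            affected = is_affected(dev["model"], dev["firmware"])
        except ValueError:
            buckets["unknown"].append(dev["name"])
            continue
        if not affected:
            buckets["unaffected"].append(dev["name"])
        elif dev.get("internet_exposed", False):
            buckets["immediate"].append(dev["name"])
        else:
            buckets["high"].append(dev["name"])
    return buckets


# Constructed sample inventory (not real devices). 'internet_exposed' means a
# direct ISP connection or NAT port-forward reaches the controller's HTTPS service.
SAMPLE_INVENTORY = [
    {"name": "ahu-1",   "model": "FBXi", "firmware": "9.3.4",  "internet_exposed": True},
    {"name": "ahu-2",   "model": "FBVi", "firmware": "9.2.0",  "internet_exposed": False},
    {"name": "chiller", "model": "CBXi", "firmware": "9.3.10", "internet_exposed": True},
    {"name": "lab-ctl", "model": "FBTi", "firmware": "9.3.5",  "internet_exposed": False},
    {"name": "legacy",  "model": "FBXi", "firmware": "n/a",    "internet_exposed": False},
    {"name": "plc-7",   "model": "OtherVendor", "firmware": "1.0", "internet_exposed": True},
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s}: {', '.join(names) or '-'}")
```

Devices in the "immediate" bucket need both remediation steps from the advisory (firmware upgrade and removal of Internet exposure); "unknown" entries are deliberately not treated as safe, since an unparseable version string usually means the asset record, not the device, is wrong.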
Evidence notes
All substantive statements here come from the supplied CISA CSAF advisory ICSA-25-051-02, the ABB remediation references, and the linked CVE/NVD records. The advisory states that session management was not sufficient to prevent unauthorized HTTPS requests and lists affected firmware as <= 9.3.4 for the ABB product tree. The remediation section explicitly recommends upgrading to 9.3.5 or above and avoiding direct Internet exposure. The advisory revision history shows the public record was published on 2025-01-23 and later modified on 2025-02-14.
Official resources
- CVE-2024-48849 CVE record (CVE.org)
- CVE-2024-48849 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in CISA/ABB advisory ICSA-25-051-02 on 2025-01-23 and revised on 2025-02-14. No KEV listing was supplied for this CVE.