CVE-2025-13162 ABB CVE debrief

Who should care

Organizations using ABB Control Builder A and ABB 800xA for Advant Master should prioritize patching this vulnerability to prevent potential local attacks. The vulnerability requires a local attack vector and has a high attack complexity, but successful exploitation could lead to high impact on integrity. Security teams and administrators responsible for these systems should take immediate action.

Technical summary

The Uncontrolled Search Path Element vulnerability in ABB Control Builder A and ABB 800xA for Advant Master allows a local attacker with low privileges to potentially exploit the vulnerability, leading to high impact on integrity. The vulnerability is triggered by an uncontrolled search path element. ABB has released a reference document (https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch) that provides further details and mitigation strategies.

Defensive priority

Apply patches or mitigations as recommended by ABB to prevent exploitation. Review and update system configurations to ensure they align with security best practices.

Recommended defensive actions

• Apply patches or mitigations as recommended by ABB.
• Review and update system configurations to ensure they align with security best practices.
• Monitor systems for suspicious activity.
• Implement compensating controls to reduce the attack surface.
• Conduct regular vulnerability assessments and penetration testing.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and potential mitigations. ABB has also provided a reference document for further information. The vulnerability has a medium CVSS score of 4.1, indicating a moderate level of severity.

Official resources