PatchSiren cyber security CVE debrief

CVE-2025-4676 ABB CVE debrief

CVE-2025-4676 is a high-severity authentication bypass affecting ABB WebPro SNMP Card PowerValue web HMI access. The advisory says the device validates only the first character of the session cookie and authentication token, which can let an attacker brute force those characters and bypass authentication.

Vendor: ABB
Product: WebPro SNMP Card
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-07
Original CVE updated: 2026-05-12
Advisory published: 2026-01-07
Advisory updated: 2026-05-12

Who should care

OT and facility teams running ABB WebPro SNMP Card PowerValue devices, especially administrators responsible for web HMI access, remote management paths, and segmented industrial networks.

Technical summary

According to the advisory, the device web HMI authenticates users by checking only the first character of the session cookie and authentication token; if that first character matches, the session is accepted regardless of the remaining characters. This weak verification enables an authentication bypass, and ABB states the issue is corrected in WebPro SNMP Card PowerValue version 1.1.8.p.
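To make the defect class concrete, the following is an added illustration, not ABB's firmware code (the real implementation is described only by the advisory): a first-character-only token comparison next to a full-length, constant-time comparison, with constructed token values and a self-check a defender could keep in a regression test.

```c
/* Added example, not ABB's code: models the class of defect the advisory
 * describes (only the first character of a token is compared) beside a
 * full-length, constant-time comparison. Token values are constructed. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Weak check modelled on the advisory's description: any token whose first
 * character matches the stored one is accepted. */
int token_ok_weak(const char *presented, const char *expected) {
    return presented[0] == expected[0];   /* only the first byte is compared */
}

/* Hardened check: lengths must match and every byte must match, compared in
 * constant time so response timing does not reveal how many leading bytes
 * were correct. Rejecting on length early is acceptable for fixed-length
 * tokens, since the length is not secret. */
int token_ok_fixed(const char *presented, const char *expected) {
    size_t n = strlen(expected);
    if (strlen(presented) != n) return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)presented[i] ^ (unsigned char)expected[i];
    return diff == 0;
}

/* Regression self-check: the hardened check must reject a token that shares
 * only its first character with the real one, which the weak check accepts. */
int self_check(void) {
    const char *real  = "k7Qm2xz9Lp";   /* constructed session token */
    const char *near  = "k000000000";   /* same length, same first char only */
    const char *empty = "";
    return token_ok_fixed(real, real)
        && !token_ok_fixed(near, real)
        && !token_ok_fixed(empty, real)
        && token_ok_weak(near, real);   /* demonstrates the weak check's flaw */
}

int main(void) {
    printf("self_check: %s\n", self_check() ? "pass" : "FAIL");
    return 0;
}
```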

Defensive priority

High. This is an authentication-bypass issue with a CVSS 3.1 score of 8.8 and high confidentiality, integrity, and availability impact. Prioritize patching or compensating controls for any exposed or reachable HMI instance.

Recommended defensive actions

  • Upgrade affected ABB WebPro SNMP Card PowerValue systems to version 1.1.8.p or later, where ABB says the issue is corrected.
  • If immediate upgrade is not feasible, follow ABB's 'Mitigation factors' and 'General security recommendations' in the product instruction manual.
  • Contact ABB Digital Service Support at [email protected] for guidance and recommended actions.
  • Apply CISA ICS recommended practices, including defense-in-depth and limiting exposure of the web HMI to only authorized management paths.
  • Restrict and monitor access to the device management interface, especially on OT networks where HMI exposure is unnecessary.

Evidence notes

The supplied CISA CSAF advisory ICSA-26-132-06 was first published on 2026-01-07T00:30:00Z and republished on 2026-05-12T06:00:00Z from ABB PSIRT advisory 2CRT000009. The advisory text explicitly describes the flaw as validation of only the first character of the session cookie and authentication token. The provided CVSS vector is AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. No CISA KEV entry was provided in the source corpus.

Official resources

Publicly disclosed in the ABB PSIRT advisory republished by CISA as ICSA-26-132-06 on 2026-01-07, with a later CISA republication update on 2026-05-12.