---
title: "ABB WebPro SNMP Card Flaws Expose Critical Infrastructure to Attacks"
short_title: "ABB WebPro SNMP Card critical vulnerabilities"
description: "ABB discloses three critical vulnerabilities in WebPro SNMP Card PowerValue, enabling unauthorized access, DoS attacks, and authentication bypass. Patch now."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, snmp, cve-2025-4675, cve-2025-4676, cve-2025-4677, dos, authentication-bypass]
score: 0.85
cve_ids: [CVE-2025-4675, CVE-2025-4676, CVE-2025-4677]
---
## TL;DR
ABB has disclosed three critical vulnerabilities in its WebPro SNMP Card PowerValue firmware, affecting versions ≤1.1.8.k. These flaws enable unauthorized access, authentication bypass, and denial-of-service (DoS) attacks. Attackers with local network access can exploit these vulnerabilities to compromise critical infrastructure systems. ABB has released firmware version 1.1.8.p to patch these issues and urges immediate updates.
Main Content
### Introduction
ABB, a global leader in industrial technology, has identified three severe vulnerabilities in its WebPro SNMP Card PowerValue firmware. These flaws, if exploited, could allow attackers to gain unauthorized access, bypass authentication, or disrupt operations via DoS attacks. The vulnerabilities impact multiple critical infrastructure sectors, including energy, healthcare, and manufacturing, underscoring the urgency of applying the latest firmware update.
### Key Points
- Three critical vulnerabilities (CVE-2025-4675, CVE-2025-4676, CVE-2025-4677) affect ABB WebPro SNMP Card PowerValue firmware ≤1.1.8.k.
- Exploitation risks: Unauthorized access, authentication bypass, and DoS attacks.
- Affected sectors: Chemical, energy, healthcare, critical manufacturing, and more.
- Patch available: ABB has released firmware version 1.1.8.p to address these flaws.
- Mitigation: Apply the update or implement recommended defensive measures.
Technical Details
#### Vulnerability Breakdown
1. CVE-2025-4675 (CVSS 6.5 - Medium)
- Type: Improper Check for Unusual or Exceptional Conditions
- Impact: Modbus protocol instability on port 502, leading to service unavailability until a manual reboot.
- Cause: Incorrect implementation of the Modbus (slave) protocol.
2. CVE-2025-4676 (CVSS 8.8 - High)
- Type: Incorrect Implementation of Authentication Algorithm
- Impact: Authentication bypass via brute-forcing the first character of session cookies and bearer tokens.
- Cause: The device validates only the first character of session credentials, making it easy for attackers to bypass authentication.
3. CVE-2025-4677 (CVSS 6.5 - Medium)
- Type: Insufficient Session Expiration
- Impact: DoS attacks via uncontrolled resource consumption on ports 23 and 502.
- Cause: Idle session timeout is not configured, allowing attackers to exhaust device resources.
### Impact Assessment
These vulnerabilities pose significant risks to organizations relying on ABB’s WebPro SNMP Card PowerValue for monitoring and managing uninterruptible power supply (UPS) systems. Successful exploitation could lead to:
- Unauthorized control of UPS devices, risking power disruptions in critical environments.
- Operational downtime due to DoS attacks, affecting business continuity.
- Data breaches if attackers gain access to sensitive configuration data.
Given the global deployment of these devices, industries such as energy, healthcare, and manufacturing must prioritize patching to avoid potential cascading failures.
### Attack Vector
Attackers with local network access can exploit these vulnerabilities by:
- Sending crafted Modbus messages to trigger instability (CVE-2025-4675).
- Brute-forcing the first character of session cookies to bypass authentication (CVE-2025-4676).
- Establishing multiple connections to exhaust device resources (CVE-2025-4677).
### Mitigation Steps
ABB has released firmware version 1.1.8.p to patch these vulnerabilities. Users are advised to:
1. Update immediately to the latest firmware version.
2. Contact ABB Digital Service Support ([[email protected]](mailto:[email protected])) for guidance.
3. Implement defensive measures, such as:
- Isolating control system networks from business networks.
- Using firewalls to limit access to ports 23, 502, and 503.
- Employing VPNs for remote access, ensuring they are updated and secured.
4. Monitor for suspicious activity and report incidents to CISA or ABB PSIRT.
### Affected Systems
- Product: ABB WebPro SNMP Card PowerValue
- Affected Versions: ≤1.1.8.k
- Patched Version: 1.1.8.p
## Conclusion
The discovery of these vulnerabilities in ABB’s WebPro SNMP Card PowerValue highlights the growing risks faced by critical infrastructure sectors. Organizations must act swiftly to patch affected systems and implement defensive measures to mitigate potential attacks. Failure to address these flaws could result in operational disruptions, data breaches, or unauthorized control of critical devices.
For more details, refer to ABB’s official advisory and CISA’s recommendations.
## References
[^1]: ABB PSIRT. "ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities Advisory". Retrieved 2024-10-02.
[^2]: CISA. "ICS Advisory ICSA-26-132-06". Retrieved 2024-10-02.
[^3]: MITRE. "CWE-754: Improper Check for Unusual or Exceptional Conditions". Retrieved 2024-10-02.
[^4]: MITRE. "CWE-303: Incorrect Implementation of Authentication Algorithm". Retrieved 2024-10-02.
[^5]: MITRE. "CWE-613: Insufficient Session Expiration". Retrieved 2024-10-02.