CVE-2025-9574
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-24
Assigner: Asea Brown Boveri Ltd. (ABB)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| abb | als-mini-s8_ip | * |
| abb | als-mini-s4_ip | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authentication for Critical Function issue in ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP devices. It affects all firmware versions with serial numbers from 2000 to 5166. Essentially, critical functions in these devices can be accessed without proper authentication, which means unauthorized users could potentially perform sensitive operations.
How can this vulnerability impact me?
Because the vulnerability allows critical functions to be accessed without authentication, an attacker could remotely exploit this to gain unauthorized control or manipulate the affected devices. This could lead to severe consequences such as compromising the integrity and confidentiality of the system, potentially disrupting operations or causing damage.