CVE-2025-9970
BaseFortify
Publication date: 2025-10-08
Last updated on: 2025-10-08
Assigner: Asea Brown Boveri Ltd. (ABB)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| abb | mconfig | 1.4.9.21 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-316 | The product stores sensitive information in cleartext in memory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cleartext Storage of Sensitive Information in Memory issue found in ABB MConfig software versions up to 1.4.9.21. It means that sensitive data is stored in memory without encryption, potentially exposing it to unauthorized access.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information stored in memory, which may result in data breaches or compromise of system integrity. Attackers with local access and low privileges might exploit this to gain sensitive data, impacting confidentiality and possibly leading to further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could negatively impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive information. Storing sensitive data in cleartext in memory increases the risk of data exposure, potentially leading to violations of data protection requirements.