CVE-2025-4675
📋 TL;DR
This CVE describes an improper check for unusual or exceptional conditions vulnerability in ABB WebPro SNMP Card PowerValue devices. Attackers could exploit this to cause denial of service or potentially execute arbitrary code on affected devices. Organizations using ABB WebPro SNMP Card PowerValue or PowerValue UL devices through version 1.1.8.K are affected.
💻 Affected Systems
- ABB WebPro SNMP Card PowerValue
- ABB WebPro SNMP Card PowerValue UL
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, allowing attackers to manipulate power monitoring systems or pivot to other network segments.
Likely Case
Denial of service causing disruption to power monitoring capabilities, potentially affecting operational visibility and alerting.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting the specific device functionality.
🎯 Exploit Status
CWE-754 vulnerabilities typically involve sending malformed SNMP requests or triggering edge cases that bypass error handling.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.1.8.K
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download firmware update from ABB portal.
2. Backup current configuration.
3. Upload new firmware via web interface.
4. Reboot device.
5. Verify firmware version and functionality.
🔧 Temporary Workarounds
Disable SNMP if not required
Disable SNMP service on affected devices if monitoring is not required
Access web interface > Configuration > SNMP Settings > Disable SNMP
Restrict SNMP access
Configure SNMP access controls to limit which IP addresses can communicate with the device
Access web interface > Configuration > SNMP Settings > Configure Access Control Lists
🧯 If You Can't Patch
- Segment affected devices on isolated network VLANs with strict firewall rules
- Implement network monitoring for unusual SNMP traffic patterns to affected devices
🔍 How to Verify
Check if Vulnerable:
Access device web interface > System Information > Check whether the firmware version is 1.1.8.K or earlier
Check Version:
snmpget -v2c -c public [device_ip] .1.3.6.1.2.1.1.1.0 (check system description for version)
Verify Fix Applied:
Verify that the firmware version is later than 1.1.8.K and test SNMP functionality
📡 Detection & Monitoring
Log Indicators:
- Multiple SNMP request failures
- Device reboot events
- Unusual SNMP community string attempts
Network Indicators:
- Unusual SNMP traffic volume to affected devices
- SNMP requests with malformed packets
SIEM Query:
source_ip=* AND destination_port=161 AND (protocol=UDP OR protocol=SNMP) AND bytes_sent>1000
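Added example (not from ABB or from this page's database): the SIEM query above applied to flow records, combined with the source allowlist from the "Restrict SNMP access" workaround. The device addresses, the management subnet, the record layout and the sample flows are constructed assumptions; only the port 161 and 1000-byte conditions come from the query.

```python
from ipaddress import ip_address, ip_network

# Assumed inventory for illustration; replace with your own addresses.
AFFECTED_DEVICES = {ip_address("10.20.0.15"), ip_address("10.20.0.16")}
MGMT_ALLOWLIST = [ip_network("10.20.9.0/28")]  # SNMP managers permitted by the device ACL
BYTES_THRESHOLD = 1000                         # bytes_sent>1000 from the SIEM query

# Constructed flow records: (src, dst, protocol, dst_port, bytes_sent)
SAMPLE_FLOWS = [
    ("10.20.9.2", "10.20.0.15", "UDP", 161, 180),    # normal poll from a manager
    ("10.20.9.2", "10.20.0.15", "UDP", 161, 1450),   # oversized request from a manager
    ("10.20.33.7", "10.20.0.16", "UDP", 161, 95),    # source outside the allowlist
    ("10.20.33.7", "10.20.0.16", "TCP", 443, 5200),  # web interface traffic, not SNMP
    ("10.20.9.3", "10.20.5.40", "UDP", 161, 2000),   # SNMP to a device not in scope
]


def is_allowed_source(src):
    """True when src falls inside one of the management subnets."""
    addr = ip_address(src)
    return any(addr in net for net in MGMT_ALLOWLIST)


def triage_flows(flows):
    """Return one alert per SNMP flow to an affected device that needs review."""
    alerts = []
    for src, dst, proto, dport, nbytes in flows:
        if ip_address(dst) not in AFFECTED_DEVICES:
            continue  # only the affected cards are in scope
        if proto.upper() not in {"UDP", "SNMP"} or dport != 161:
            continue  # same protocol and port filter as the query
        reasons = []
        if not is_allowed_source(src):
            reasons.append("source-not-allowlisted")
        if nbytes > BYTES_THRESHOLD:
            reasons.append("oversized-request")
        if reasons:
            alerts.append({"src": src, "dst": dst, "bytes": nbytes, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in triage_flows(SAMPLE_FLOWS):
        print(alert)
```

Recording a reason on each alert separates traffic from an unexpected source from oversized requests sent by a permitted manager, which a single byte-count filter would not do.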