{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3aabbt-mac_plus4.0-24/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:abb:t-mac_plus:4.0-24:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.9,"id":"CVE-2025-14771"},{"cvss":8.8,"id":"CVE-2025-14772"},{"cvss":8,"id":"CVE-2025-14773"},{"cvss":7.4,"id":"CVE-2025-14774"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ABB T-MAC Plus 4.0-24"],"_cs_severities":["critical"],"_cs_tags":["industrial-control-systems","scada","critical-manufacturing","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eCISA has released an advisory highlighting multiple critical and high-severity vulnerabilities affecting ABB T-MAC Plus version 4.0-24, a product widely deployed in the Critical Manufacturing sector globally. These vulnerabilities include CVE-2025-14771, a critical file disclosure flaw allowing authenticated users to exfiltrate sensitive files via crafted HTTP GET requests; CVE-2025-14772, a high-severity authorization bypass enabling unprivileged users to perform administrative operations; CVE-2025-14773, a high-severity stored cross-site scripting (XSS) vulnerability that permits authenticated users to execute arbitrary JavaScript code on a victim's browser; and CVE-2025-14774, a high-severity insecure network protocol issue that can lead to an unauthenticated denial-of-service condition for the Card Reader service. Exploitation of these vulnerabilities could lead to significant system compromise, data exfiltration, privilege escalation, or service disruption. ABB has released T-MAC Plus version 4.0-25 to address these issues, urging customers to apply the update promptly.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to the ABB T-MAC Plus web application, either through legitimate but compromised credentials or by exploiting another vulnerability (e.g., an unauthenticated attacker targeting CVE-2025-14774).\u003c/li\u003e\n\u003cli\u003eIf authenticated with low privileges, the attacker exploits CVE-2025-14772 (Authorization Bypass) by crafting specific HTTP requests to the web application that perform administrative operations typically restricted to higher-privileged users, thereby escalating their privileges.\u003c/li\u003e\n\u003cli\u003eWith elevated or existing authenticated access, the attacker exploits CVE-2025-14771 (File Disclosure) by sending a specially crafted HTTP GET request to the web application.\u003c/li\u003e\n\u003cli\u003eThe vulnerable web application, due to the misconfiguration or flaw in file access controls, responds with sensitive files to the attacker, leading to the exfiltration of confidential information.\u003c/li\u003e\n\u003cli\u003eAlternatively, an authenticated attacker exploits CVE-2025-14773 (Stored Cross-Site Scripting) by injecting malicious HTML or JavaScript code into an input field or web form within the application.\u003c/li\u003e\n\u003cli\u003eWhen another user subsequently views the compromised web page or entity, the injected malicious script executes within their browser context, potentially leading to session hijacking, credential theft, or further client-side compromise.\u003c/li\u003e\n\u003cli\u003eIn parallel, an unauthenticated attacker could directly exploit CVE-2025-14774 by gaining physical access to a serial device and sending a specially crafted message to the ABB T-MAC Plus Card Reader service.\u003c/li\u003e\n\u003cli\u003eThis crafted message triggers an insecure network protocol flaw, causing the Card Reader service to become unresponsive, leading to a denial-of-service (DoS) condition that requires manual intervention to restore functionality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe combined impact of these vulnerabilities is severe for organizations utilizing ABB T-MAC Plus version 4.0-24. Successful exploitation of CVE-2025-14771 can lead to the full compromise and exfiltration of sensitive data from the system. CVE-2025-14772 allows for privilege escalation, enabling attackers with low-level access to gain full administrative control over the application. CVE-2025-14773 exposes users to arbitrary client-side code execution, potentially leading to session hijacking, credential theft, or further compromises of client machines. Finally, CVE-2025-14774 can result in a denial-of-service for critical card reader services, disrupting operations in critical manufacturing environments where ABB T-MAC Plus is deployed. The critical CVSSv3 base score of 9.9 for CVE-2025-14771 underscores the high risk of data confidentiality, integrity, and availability compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, and CVE-2025-14774 immediately\u003c/strong\u003e by upgrading ABB T-MAC Plus to version 4.0-25.\u003c/li\u003e\n\u003cli\u003eImplement the mitigation strategy for CVE-2025-14771 by ensuring File Browsing Feature is disabled and the default IIS site is removed on the IIS server hosting the ABB T-MAC Plus web application.\u003c/li\u003e\n\u003cli\u003eReview and correctly apply privileges associated with different user roles in the ABB T-MAC Plus web application as a mitigation for CVE-2025-14772, ensuring unprivileged users cannot perform administrative operations.\u003c/li\u003e\n\u003cli\u003eFor CVE-2025-14774, restrict physical access to serial devices connected to the ABB T-MAC Plus system to prevent unauthenticated denial-of-service attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T15:47:46Z","date_published":"2026-07-14T15:47:46Z","id":"https://feed.craftedsignal.io/briefs/2026-07-abb-tmac-plus-vulnerabilities/","summary":"CISA has issued an advisory regarding critical and high-severity vulnerabilities CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, and CVE-2025-14774 in ABB T-MAC Plus version 4.0-24, which could allow authenticated attackers to exfiltrate sensitive files, bypass authorization for administrative operations, execute arbitrary client-side code via cross-site scripting, or for unauthenticated attackers to cause a denial-of-service condition.","title":"Multiple Critical and High-Severity Vulnerabilities in ABB T-MAC Plus","url":"https://feed.craftedsignal.io/briefs/2026-07-abb-tmac-plus-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - Cpe:2.3:a:abb:t-Mac_plus:4.0-24:*:*:*:*:*:*:*","version":"https://jsonfeed.org/version/1.1"}