<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>800xA for Advant Master 6.1.1-4 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/800xa-for-advant-master-6.1.1-4/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 14 Jul 2026 15:49:45 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/800xa-for-advant-master-6.1.1-4/feed.xml" rel="self" type="application/rss+xml"/><item><title>Vulnerability in ABB Advant Master Online Builder Allows Code Execution</title><link>https://feed.craftedsignal.io/briefs/2026-07-abb-advant-master-online-builder-vulnerability/</link><pubDate>Tue, 14 Jul 2026 15:49:45 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-abb-advant-master-online-builder-vulnerability/</guid><description>A vulnerability (CVE-2025-13162) exists in ABB Advant Master Online Builder products, including Control Builder A and 800xA for Advant Master, enabling an attacker with necessary local access to execute unauthorized code by exploiting an uncontrolled search path element (CWE-427) to load malicious DLLs, compromising system integrity within critical manufacturing environments.</description><content:encoded><![CDATA[<p>A vulnerability, tracked as CVE-2025-13162 (CVSS v3.1 Base Score 4.4, Medium severity), affects ABB Advant Master Online Builder products, specifically Control Builder A (versions &lt;=1.4/4) and 800xA for Advant Master (multiple versions up to 6.2.0-2). The vulnerability stems from an 'Uncontrolled Search Path Element' (CWE-427), where the application improperly handles the search path for loading Dynamic Link Libraries (DLLs). An attacker who has gained local access to an affected system node can exploit this by placing a malicious DLL in an unrestricted application directory. This causes the legitimate application to load and execute the malicious DLL, leading to unauthorized code execution and compromising the system's integrity within critical manufacturing environments globally. ABB has released updates to address this issue. As of the advisory's publication, ABB had not observed exploitation of this vulnerability in the wild.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker gains local access to an ABB Advant Master Online Builder system node.</li>
<li>Attacker identifies an application directory with insufficient permission restrictions that is used by the vulnerable ABB software.</li>
<li>Attacker crafts a malicious Dynamic Link Library (DLL) designed to achieve their objective.</li>
<li>Attacker places the malicious DLL into the identified unrestricted application directory on the target system.</li>
<li>The legitimate ABB Advant Master Online Builder application is launched or attempts to load a required DLL.</li>
<li>Due to the uncontrolled search path element, the application loads the attacker's malicious DLL instead of the legitimate one.</li>
<li>The malicious DLL executes with the privileges of the affected application, enabling unauthorized code execution and compromising system integrity.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>If successfully exploited, this vulnerability allows for unauthorized code execution and compromise of system integrity on the affected ABB Advant Master Online Builder system node. While CISA states that no exploitation was observed at the time of the advisory, the vulnerability could be leveraged to gain further control over industrial control systems. The affected products are widely deployed in Critical Manufacturing sectors worldwide, making successful exploitation a significant risk to operational technology environments.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2025-13162 immediately by updating ABB Control Builder A to version 1.4/5 or later.</li>
<li>Patch CVE-2025-13162 immediately by updating ABB 800xA for Advant Master to version 6.1.1-5 or 6.2.0-3 or later.</li>
<li>Implement recommended mitigation strategies by ABB to restrict temporary connections of portable devices and enforce strong password policies for users with system access, as detailed in the ABB advisory.</li>
<li>Minimize network exposure for all control system devices, ensuring they are not internet-accessible, and isolate control system networks behind firewalls as recommended by CISA.</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>ics</category><category>vulnerability</category><category>dll-hijacking</category><category>cwe-427</category></item></channel></rss>