{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/800xa-for-advant-master-6.2.0-2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":4.4,"id":"CVE-2025-13162"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Control Builder A \u003c= 1.4/4","800xA for Advant Master \u003c= 6.0.3-1","800xA for Advant Master \u003c= 6.1.1-1","800xA for Advant Master 6.1.1-3","800xA for Advant Master 6.1.1-4","800xA for Advant Master 6.2.0-1","800xA for Advant Master 6.2.0-2"],"_cs_severities":["low"],"_cs_tags":["ics","vulnerability","dll-hijacking","cwe-427"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eA vulnerability, tracked as CVE-2025-13162 (CVSS v3.1 Base Score 4.4, Medium severity), affects ABB Advant Master Online Builder products, specifically Control Builder A (versions \u0026lt;=1.4/4) and 800xA for Advant Master (multiple versions up to 6.2.0-2). The vulnerability stems from an 'Uncontrolled Search Path Element' (CWE-427), where the application improperly handles the search path for loading Dynamic Link Libraries (DLLs). An attacker who has gained local access to an affected system node can exploit this by placing a malicious DLL in an unrestricted application directory. This causes the legitimate application to load and execute the malicious DLL, leading to unauthorized code execution and compromising the system's integrity within critical manufacturing environments globally. ABB has released updates to address this issue. As of the advisory's publication, ABB had not observed exploitation of this vulnerability in the wild.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to an ABB Advant Master Online Builder system node.\u003c/li\u003e\n\u003cli\u003eAttacker identifies an application directory with insufficient permission restrictions that is used by the vulnerable ABB software.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious Dynamic Link Library (DLL) designed to achieve their objective.\u003c/li\u003e\n\u003cli\u003eAttacker places the malicious DLL into the identified unrestricted application directory on the target system.\u003c/li\u003e\n\u003cli\u003eThe legitimate ABB Advant Master Online Builder application is launched or attempts to load a required DLL.\u003c/li\u003e\n\u003cli\u003eDue to the uncontrolled search path element, the application loads the attacker's malicious DLL instead of the legitimate one.\u003c/li\u003e\n\u003cli\u003eThe malicious DLL executes with the privileges of the affected application, enabling unauthorized code execution and compromising system integrity.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eIf successfully exploited, this vulnerability allows for unauthorized code execution and compromise of system integrity on the affected ABB Advant Master Online Builder system node. While CISA states that no exploitation was observed at the time of the advisory, the vulnerability could be leveraged to gain further control over industrial control systems. The affected products are widely deployed in Critical Manufacturing sectors worldwide, making successful exploitation a significant risk to operational technology environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2025-13162 immediately by updating ABB Control Builder A to version 1.4/5 or later.\u003c/li\u003e\n\u003cli\u003ePatch CVE-2025-13162 immediately by updating ABB 800xA for Advant Master to version 6.1.1-5 or 6.2.0-3 or later.\u003c/li\u003e\n\u003cli\u003eImplement recommended mitigation strategies by ABB to restrict temporary connections of portable devices and enforce strong password policies for users with system access, as detailed in the ABB advisory.\u003c/li\u003e\n\u003cli\u003eMinimize network exposure for all control system devices, ensuring they are not internet-accessible, and isolate control system networks behind firewalls as recommended by CISA.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T15:49:45Z","date_published":"2026-07-14T15:49:45Z","id":"https://feed.craftedsignal.io/briefs/2026-07-abb-advant-master-online-builder-vulnerability/","summary":"A vulnerability (CVE-2025-13162) exists in ABB Advant Master Online Builder products, including Control Builder A and 800xA for Advant Master, enabling an attacker with necessary local access to execute unauthorized code by exploiting an uncontrolled search path element (CWE-427) to load malicious DLLs, compromising system integrity within critical manufacturing environments.","title":"Vulnerability in ABB Advant Master Online Builder Allows Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-07-abb-advant-master-online-builder-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed - 800xA for Advant Master 6.2.0-2","version":"https://jsonfeed.org/version/1.1"}