<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>ABB T-MAC Plus 4.0-24 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/abb-t-mac-plus-4.0-24/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 14 Jul 2026 15:47:46 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/abb-t-mac-plus-4.0-24/feed.xml" rel="self" type="application/rss+xml"/><item><title>Multiple Critical and High-Severity Vulnerabilities in ABB T-MAC Plus</title><link>https://feed.craftedsignal.io/briefs/2026-07-abb-tmac-plus-vulnerabilities/</link><pubDate>Tue, 14 Jul 2026 15:47:46 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-abb-tmac-plus-vulnerabilities/</guid><description>CISA has issued an advisory regarding critical and high-severity vulnerabilities CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, and CVE-2025-14774 in ABB T-MAC Plus version 4.0-24, which could allow authenticated attackers to exfiltrate sensitive files, bypass authorization for administrative operations, execute arbitrary client-side code via cross-site scripting, or for unauthenticated attackers to cause a denial-of-service condition.</description><content:encoded><![CDATA[<p>CISA has released an advisory highlighting multiple critical and high-severity vulnerabilities affecting ABB T-MAC Plus version 4.0-24, a product widely deployed in the Critical Manufacturing sector globally. These vulnerabilities include CVE-2025-14771, a critical file disclosure flaw allowing authenticated users to exfiltrate sensitive files via crafted HTTP GET requests; CVE-2025-14772, a high-severity authorization bypass enabling unprivileged users to perform administrative operations; CVE-2025-14773, a high-severity stored cross-site scripting (XSS) vulnerability that permits authenticated users to execute arbitrary JavaScript code on a victim's browser; and CVE-2025-14774, a high-severity insecure network protocol issue that can lead to an unauthenticated denial-of-service condition for the Card Reader service. Exploitation of these vulnerabilities could lead to significant system compromise, data exfiltration, privilege escalation, or service disruption. ABB has released T-MAC Plus version 4.0-25 to address these issues, urging customers to apply the update promptly.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker gains initial access to the ABB T-MAC Plus web application, either through legitimate but compromised credentials or by exploiting another vulnerability (e.g., an unauthenticated attacker targeting CVE-2025-14774).</li>
<li>If authenticated with low privileges, the attacker exploits CVE-2025-14772 (Authorization Bypass) by crafting specific HTTP requests to the web application that perform administrative operations typically restricted to higher-privileged users, thereby escalating their privileges.</li>
<li>With elevated or existing authenticated access, the attacker exploits CVE-2025-14771 (File Disclosure) by sending a specially crafted HTTP GET request to the web application.</li>
<li>The vulnerable web application, due to the misconfiguration or flaw in file access controls, responds with sensitive files to the attacker, leading to the exfiltration of confidential information.</li>
<li>Alternatively, an authenticated attacker exploits CVE-2025-14773 (Stored Cross-Site Scripting) by injecting malicious HTML or JavaScript code into an input field or web form within the application.</li>
<li>When another user subsequently views the compromised web page or entity, the injected malicious script executes within their browser context, potentially leading to session hijacking, credential theft, or further client-side compromise.</li>
<li>In parallel, an unauthenticated attacker could directly exploit CVE-2025-14774 by gaining physical access to a serial device and sending a specially crafted message to the ABB T-MAC Plus Card Reader service.</li>
<li>This crafted message triggers an insecure network protocol flaw, causing the Card Reader service to become unresponsive, leading to a denial-of-service (DoS) condition that requires manual intervention to restore functionality.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The combined impact of these vulnerabilities is severe for organizations utilizing ABB T-MAC Plus version 4.0-24. Successful exploitation of CVE-2025-14771 can lead to the full compromise and exfiltration of sensitive data from the system. CVE-2025-14772 allows for privilege escalation, enabling attackers with low-level access to gain full administrative control over the application. CVE-2025-14773 exposes users to arbitrary client-side code execution, potentially leading to session hijacking, credential theft, or further compromises of client machines. Finally, CVE-2025-14774 can result in a denial-of-service for critical card reader services, disrupting operations in critical manufacturing environments where ABB T-MAC Plus is deployed. The critical CVSSv3 base score of 9.9 for CVE-2025-14771 underscores the high risk of data confidentiality, integrity, and availability compromise.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, and CVE-2025-14774 immediately</strong> by upgrading ABB T-MAC Plus to version 4.0-25.</li>
<li>Implement the mitigation strategy for CVE-2025-14771 by ensuring File Browsing Feature is disabled and the default IIS site is removed on the IIS server hosting the ABB T-MAC Plus web application.</li>
<li>Review and correctly apply privileges associated with different user roles in the ABB T-MAC Plus web application as a mitigation for CVE-2025-14772, ensuring unprivileged users cannot perform administrative operations.</li>
<li>For CVE-2025-14774, restrict physical access to serial devices connected to the ABB T-MAC Plus system to prevent unauthenticated denial-of-service attacks.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>industrial-control-systems</category><category>scada</category><category>critical-manufacturing</category><category>vulnerability</category><category>web-application</category></item></channel></rss>