CVE-2024-47784 is a vulnerability identified in ABB's ANC software, specifically affecting versions 1.1.4 and earlier. The vulnerability is classified under CWE-620, which pertains to unverified password changes. The issue arises in the web-based Human Machine Interface (HMI) of the ANC software, where an authenticated attacker with low privileges can bypass the verification of the old password when attempting to change the password. This means that once an attacker has authenticated access to the system, they can change the password without needing to know the current one, effectively escalating their control over the account or potentially locking out legitimate users. The vulnerability requires authentication but no user interaction beyond the attacker’s own actions, and it has a low CVSS 4.0 score of 2.1, reflecting limited impact and high attack complexity. The attack vector is adjacent network (AV:A), requiring the attacker to have network access to the system but not physical access. The vulnerability does not affect confidentiality or availability directly but impacts integrity by allowing unauthorized password changes. The vulnerability is not known to be exploited in the wild, and no patches have been published at the time of analysis. The ANC software is used in industrial automation contexts, where secure access control is critical for operational safety and reliability.

For European organizations, especially those in industrial sectors such as manufacturing, energy, and utilities that deploy ABB ANC software, this vulnerability poses a risk to operational security. An attacker exploiting this flaw could gain unauthorized control over user accounts, potentially leading to unauthorized configuration changes, disruption of industrial processes, or denial of access for legitimate operators. While the vulnerability itself has a low severity score, the operational context of ANC software means that even minor unauthorized changes can have outsized consequences, including safety risks and production downtime. The requirement for authenticated access limits the threat to insiders or attackers who have already compromised credentials, but it still represents a significant risk in environments where credential hygiene is weak or where lateral movement within networks is possible. European critical infrastructure operators using ABB ANC should be particularly vigilant, as disruption or manipulation of industrial control systems can have cascading effects on supply chains and public safety.

1. Implement strict network segmentation to limit access to the ANC web HMI interface only to authorized personnel and systems, reducing the attack surface. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise that could enable exploitation. 3. Monitor and audit all password change activities within the ANC system to detect anomalous or unauthorized changes promptly. 4. Restrict user privileges to the minimum necessary, ensuring that only trusted users have the ability to change passwords or access sensitive configuration interfaces. 5. Since no official patch is currently available, consider deploying compensating controls such as web application firewalls (WAFs) with custom rules to detect and block suspicious password change requests that do not include old password verification. 6. Conduct regular security awareness training focused on credential security and insider threat mitigation. 7. Engage with ABB support channels to obtain updates on patch availability and apply them promptly once released.