CVE-2024-47784: CWE-620: Unverified Password Change in ABB ANC
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old password check in the password change form via a web HMI. This issue affects ANC software version 1.1.4 and earlier.
AI Analysis
Technical Summary
CVE-2024-47784 is a vulnerability identified in ABB's ANC software, specifically affecting versions 1.1.4 and earlier. The vulnerability is classified under CWE-620, which pertains to unverified password changes. The issue arises in the web-based Human Machine Interface (HMI) of the ANC software, where an authenticated attacker with low privileges can bypass the verification of the old password when attempting to change the password. This means that once an attacker has authenticated access to the system, they can change the password without needing to know the current one, effectively escalating their control over the account or potentially locking out legitimate users. The vulnerability requires authentication but no user interaction beyond the attacker’s own actions, and it has a low CVSS 4.0 score of 2.1, reflecting limited impact and high attack complexity. The attack vector is adjacent network (AV:A), requiring the attacker to have network access to the system but not physical access. The vulnerability does not affect confidentiality or availability directly but impacts integrity by allowing unauthorized password changes. The vulnerability is not known to be exploited in the wild, and no patches have been published at the time of analysis. The ANC software is used in industrial automation contexts, where secure access control is critical for operational safety and reliability.
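The CWE-620 pattern described above, shown generically next to its server-side fix. This is an added example, not ABB ANC code: the function names, the form field names (`old_password`, `new_password`), the in-memory account store and the audit record layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000
USERS = {}       # constructed in-memory store: username -> (salt, PBKDF2 hash)
AUDIT_LOG = []   # constructed audit trail of password-change attempts


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def set_password(user: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[user] = (salt, _hash(password, salt))


def check_password(user: str, password: str) -> bool:
    salt, stored = USERS[user]
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(stored, _hash(password, salt))


def change_password_unverified(session_user: str, form: dict) -> bool:
    """CWE-620 pattern: a valid session alone is enough to set a new password."""
    set_password(session_user, form["new_password"])
    return True


def change_password_verified(session_user: str, form: dict) -> bool:
    """Hardened: the server re-checks the current password on every change."""
    old = form.get("old_password")
    new = form.get("new_password")
    # A missing or empty field is a failure, never a skipped check.
    ok = bool(old) and bool(new) and check_password(session_user, old)
    # Record every attempt so denied changes are visible to monitoring.
    AUDIT_LOG.append({"user": session_user, "event": "password_change",
                      "result": "success" if ok else "denied"})
    if ok:
        set_password(session_user, new)
    return ok
```

The check has to live in the server-side handler; a form that merely displays an old-password field enforces nothing if the handler accepts a request without it.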
Potential Impact
For European organizations, especially those in industrial sectors such as manufacturing, energy, and utilities that deploy ABB ANC software, this vulnerability poses a risk to operational security. An attacker exploiting this flaw could gain unauthorized control over user accounts, potentially leading to unauthorized configuration changes, disruption of industrial processes, or denial of access for legitimate operators. While the vulnerability itself has a low severity score, the operational context of ANC software means that even minor unauthorized changes can have outsized consequences, including safety risks and production downtime. The requirement for authenticated access limits the threat to insiders or attackers who have already compromised credentials, but it still represents a significant risk in environments where credential hygiene is weak or where lateral movement within networks is possible. European critical infrastructure operators using ABB ANC should be particularly vigilant, as disruption or manipulation of industrial control systems can have cascading effects on supply chains and public safety.
Mitigation Recommendations
1. Implement strict network segmentation to limit access to the ANC web HMI interface only to authorized personnel and systems, reducing the attack surface.
2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise that could enable exploitation.
3. Monitor and audit all password change activities within the ANC system to detect anomalous or unauthorized changes promptly.
4. Restrict user privileges to the minimum necessary, ensuring that only trusted users have the ability to change passwords or access sensitive configuration interfaces.
5. Since no official patch is currently available, consider deploying compensating controls such as web application firewalls (WAFs) with custom rules to detect and block suspicious password change requests that do not include old password verification.
6. Conduct regular security awareness training focused on credential security and insider threat mitigation.
7. Engage with ABB support channels to obtain updates on patch availability and apply them promptly once released.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2024-10-01T07:37:17.076Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682d983ac4522896dcbed745
Added to database: 5/21/2025, 9:09:14 AM
Last enriched: 6/25/2025, 12:32:14 PM
Last updated: 7/31/2025, 6:58:35 AM