Skip to main content

CVE-2024-47784: CWE-620: Unverified Password Change in ABB ANC

Low
VulnerabilityCVE-2024-47784cvecve-2024-47784cwe-620
Published: Wed Apr 30 2025 (04/30/2025, 18:17:02 UTC)
Source: CVE
Vendor/Project: ABB
Product: ANC

Description

Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.

AI-Powered Analysis

AILast updated: 06/25/2025, 12:32:14 UTC

Technical Analysis

CVE-2024-47784 is a vulnerability identified in ABB's ANC software, specifically affecting versions 1.1.4 and earlier. The vulnerability is classified under CWE-620, which pertains to unverified password changes. The issue arises in the web-based Human Machine Interface (HMI) of the ANC software, where an authenticated attacker with low privileges can bypass the verification of the old password when attempting to change the password. This means that once an attacker has authenticated access to the system, they can change the password without needing to know the current one, effectively escalating their control over the account or potentially locking out legitimate users. The vulnerability requires authentication but no user interaction beyond the attacker’s own actions, and it has a low CVSS 4.0 score of 2.1, reflecting limited impact and high attack complexity. The attack vector is adjacent network (AV:A), requiring the attacker to have network access to the system but not physical access. The vulnerability does not affect confidentiality or availability directly but impacts integrity by allowing unauthorized password changes. The vulnerability is not known to be exploited in the wild, and no patches have been published at the time of analysis. The ANC software is used in industrial automation contexts, where secure access control is critical for operational safety and reliability.

Potential Impact

For European organizations, especially those in industrial sectors such as manufacturing, energy, and utilities that deploy ABB ANC software, this vulnerability poses a risk to operational security. An attacker exploiting this flaw could gain unauthorized control over user accounts, potentially leading to unauthorized configuration changes, disruption of industrial processes, or denial of access for legitimate operators. While the vulnerability itself has a low severity score, the operational context of ANC software means that even minor unauthorized changes can have outsized consequences, including safety risks and production downtime. The requirement for authenticated access limits the threat to insiders or attackers who have already compromised credentials, but it still represents a significant risk in environments where credential hygiene is weak or where lateral movement within networks is possible. European critical infrastructure operators using ABB ANC should be particularly vigilant, as disruption or manipulation of industrial control systems can have cascading effects on supply chains and public safety.

Mitigation Recommendations

1. Implement strict network segmentation to limit access to the ANC web HMI interface only to authorized personnel and systems, reducing the attack surface. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise that could enable exploitation. 3. Monitor and audit all password change activities within the ANC system to detect anomalous or unauthorized changes promptly. 4. Restrict user privileges to the minimum necessary, ensuring that only trusted users have the ability to change passwords or access sensitive configuration interfaces. 5. Since no official patch is currently available, consider deploying compensating controls such as web application firewalls (WAFs) with custom rules to detect and block suspicious password change requests that do not include old password verification. 6. Conduct regular security awareness training focused on credential security and insider threat mitigation. 7. Engage with ABB support channels to obtain updates on patch availability and apply them promptly once released.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
ABB
Date Reserved
2024-10-01T07:37:17.076Z
Cisa Enriched
true
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682d983ac4522896dcbed745

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 12:32:14 PM

Last updated: 7/31/2025, 6:58:35 AM

Views: 20

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats