Skip to main content

CVE-2025-2410: CWE-99 Improper Control of Resource Identifiers ('Resource Injection') in ABB ASPECT-Enterprise

High
VulnerabilityCVE-2025-2410cvecve-2025-2410cwe-99
Published: Thu May 22 2025 (05/22/2025, 17:32:35 UTC)
Source: CVE
Vendor/Project: ABB
Product: ASPECT-Enterprise

Description

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

AI-Powered Analysis

AILast updated: 07/08/2025, 04:57:32 UTC

Technical Analysis

CVE-2025-2410 is a high-severity vulnerability classified under CWE-99 (Improper Control of Resource Identifiers, also known as Resource Injection) affecting ABB's ASPECT-Enterprise, NEXUS Series, and MATRIX Series products up to version 3.08.03. The vulnerability arises from port manipulation flaws within the ASPECT platform, which is used for industrial control and enterprise communication management. Specifically, if an attacker obtains session administrator credentials, they can exploit this vulnerability to manipulate TCP/IP port access controls improperly. This could allow unauthorized control over network ports, potentially enabling attackers to reroute, intercept, or disrupt communications within the affected systems. The CVSS 4.0 base score of 8.9 reflects the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), requiring privileged authentication (PR:H), no user interaction (UI:N), and very high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). The scope is unchanged (S:N), and the vulnerability does not allow unauthorized access but escalates control once privileged credentials are compromised. The lack of known exploits in the wild suggests it is not yet actively weaponized, but the high impact and ease of exploitation post-credential compromise make it a critical concern for organizations relying on these ABB products. The vulnerability's root cause is improper validation or control of resource identifiers, allowing attackers to inject or manipulate port configurations, which can severely disrupt industrial communication and control processes.

Potential Impact

For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities that utilize ABB's ASPECT-Enterprise and related products, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized manipulation of network ports, causing disruption or interception of critical control communications. This could result in operational downtime, safety hazards, data breaches, and loss of control over industrial processes. Given the high confidentiality, integrity, and availability impacts, attackers could potentially cause cascading failures or sabotage industrial operations. The requirement for session administrator credentials means insider threats or credential theft via phishing or lateral movement could enable exploitation. The vulnerability's presence in widely deployed ABB industrial communication platforms means that affected organizations could face targeted attacks aiming to disrupt European industrial supply chains or critical services. The absence of known exploits currently provides a window for proactive mitigation, but the high severity necessitates urgent attention.

Mitigation Recommendations

1. Immediate review and restriction of session administrator credential usage and access controls to minimize risk of credential compromise. 2. Implement multi-factor authentication (MFA) for all privileged accounts managing ABB ASPECT-Enterprise and related systems to reduce the risk of credential misuse. 3. Monitor network traffic for unusual port access or configuration changes indicative of exploitation attempts. 4. Apply network segmentation to isolate ABB ASPECT-Enterprise systems from broader enterprise networks, limiting lateral movement opportunities. 5. Conduct regular audits of port configurations and access logs to detect unauthorized changes. 6. Engage with ABB for official patches or updates addressing CVE-2025-2410 and apply them promptly once available. 7. Enhance employee training on phishing and credential security to prevent initial compromise. 8. Deploy intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalies related to port manipulation within industrial control networks. 9. Establish incident response plans specifically addressing industrial control system compromises involving port manipulation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
ABB
Date Reserved
2025-03-17T13:06:45.153Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682f64490acd01a2492644d5

Added to database: 5/22/2025, 5:52:09 PM

Last enriched: 7/8/2025, 4:57:32 AM

Last updated: 8/3/2025, 6:15:20 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats