CVE-2025-30170: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in ABB ASPECT-Enterprise
Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
AI Analysis
Technical Summary
CVE-2025-30170 is a medium-severity vulnerability in ABB's ASPECT-Enterprise, NEXUS Series, and MATRIX Series products up to version 3.08.03. It is classified under CWE-497, the exposure of sensitive system information to an unauthorized control sphere. An attacker who has compromised session administrator credentials can gain access to sensitive file system information such as file paths, file sizes, or the existence of files. This metadata gives attackers intelligence about the underlying system structure and can aid reconnaissance, further exploitation, or lateral movement within the network. The vulnerability requires no user interaction and can be exploited remotely over the network (AV:N) with low attack complexity (AC:L). However, it requires privileges equivalent to a high-level authenticated user (PR:H) and partial authentication (AT:P). The impact on confidentiality is high, while integrity and availability impacts are low or none. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is particularly relevant for industrial control systems and enterprise environments where ABB's ASPECT products are deployed.
Potential Impact
For European organizations, especially those in critical infrastructure sectors such as energy, manufacturing, and utilities that rely on ABB's ASPECT-Enterprise and related products, this vulnerability poses a significant risk. Exposure of file system information can aid attackers in crafting more effective attacks, including privilege escalation, lateral movement, or targeted malware deployment. Since the vulnerability requires compromised administrator session credentials, the initial breach vector may be through phishing, credential theft, or insider threats. The impact is heightened in environments where these systems are integrated with operational technology (OT) networks, potentially bridging IT and OT environments and increasing the risk of operational disruption. Confidentiality breaches in these contexts can lead to loss of sensitive operational data, intellectual property, or system configuration details, which could be exploited for sabotage or espionage. European organizations must consider the regulatory implications, including GDPR, as exposure of sensitive system information could be considered a data breach if it leads to unauthorized access to personal or sensitive data. The medium severity rating suggests that while the vulnerability is not immediately critical, it represents a meaningful risk that could be exploited in targeted attacks against high-value assets.
Mitigation Recommendations
1. Immediately restrict and monitor access to administrator sessions to prevent credential compromise. Implement multi-factor authentication (MFA) for all administrative access to ABB ASPECT-Enterprise and related systems.
2. Conduct thorough audits of existing administrator sessions and credentials to detect any unauthorized access or anomalies.
3. Network segmentation should be enforced to isolate ABB ASPECT systems from less secure network zones, limiting exposure in case of credential compromise.
4. Apply the principle of least privilege to reduce the number of users with high-level administrative rights and regularly review these privileges.
5. Monitor system logs and network traffic for unusual file access patterns or reconnaissance activities that may indicate exploitation attempts.
6. Engage with ABB for timely patches or updates addressing this vulnerability and plan for rapid deployment once available.
7. Implement intrusion detection and prevention systems (IDS/IPS) tailored to detect suspicious activities related to file system enumeration or unauthorized information disclosure.
8. Train staff on recognizing phishing and social engineering attacks that could lead to credential compromise, as this is a prerequisite for exploitation.
9. Develop and test incident response plans specific to OT and industrial control system environments to quickly contain and remediate breaches involving ABB ASPECT products.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: ABB
- Date Reserved: 2025-03-17T13:06:41.480Z
- Cisa Enriched: false
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 682f64490acd01a2492644d7
Added to database: 5/22/2025, 5:52:09 PM
Last enriched: 7/8/2025, 7:13:09 AM
Last updated: 8/5/2025, 5:23:21 PM