CVE-2025-3395: CWE-732 Incorrect Permission Assignment for Critical Resource in ABB Automation Builder
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
AI Analysis
Technical Summary
CVE-2025-3395 is a high-severity vulnerability affecting ABB Automation Builder versions up to and including 2.8.0. The vulnerability involves incorrect permission assignment for critical resources (CWE-732) combined with cleartext storage of sensitive information (CWE-312). Specifically, Automation Builder improperly sets permissions on critical resources, potentially allowing unauthorized users with limited privileges to access or modify sensitive components or data. Additionally, sensitive information is stored in cleartext, increasing the risk of exposure if an attacker gains access to the system or files. The CVSS 4.0 base score of 8.4 reflects the significant impact on confidentiality and integrity, with a local attack vector (AV:L), low attack complexity (AC:L), no authentication required (AT:N), and low privileges needed (PR:L). There is no user interaction required (UI:N), but the vulnerability affects confidentiality and integrity to a high degree (VC:H, VI:H). The vulnerability does not impact availability (VA:N). The scope is unchanged (S:N), and there are no known exploits in the wild at the time of publication. The vulnerability was reserved on April 7, 2025, and published on April 30, 2025. ABB Automation Builder is a software suite used for programming, configuring, and commissioning ABB industrial automation devices, including PLCs and control systems, which are critical components in industrial control systems (ICS) and operational technology (OT) environments. Exploitation of this vulnerability could allow an attacker with limited local access to escalate privileges, access sensitive configuration data, or manipulate automation logic, potentially leading to operational disruptions or safety risks in industrial environments.
Potential Impact
For European organizations, especially those operating in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure, this vulnerability poses a significant risk. ABB Automation Builder is widely used across Europe in industrial automation and control systems. Exploitation could lead to unauthorized disclosure of sensitive configuration data, intellectual property theft, or unauthorized modification of control logic, which may cause production downtime, safety incidents, or compromised system integrity. Given the critical role of automation in sectors like energy grids, water treatment, and manufacturing plants, the vulnerability could have cascading effects on operational continuity and safety. Furthermore, the cleartext storage of sensitive information increases the risk of credential or key exposure, facilitating further attacks. The local attack vector means that attackers would need some level of access to the affected system, which could be achieved via insider threats, compromised user accounts, or lateral movement after initial network compromise. The high impact on confidentiality and integrity underscores the potential for serious operational and reputational damage to European organizations relying on ABB Automation Builder.
Mitigation Recommendations
1. Immediate application of any available patches or updates from ABB once released is critical, even though no patch links are currently provided. 2. Restrict local access to systems running Automation Builder to trusted personnel only, enforcing strict access controls and monitoring. 3. Implement network segmentation to isolate engineering workstations and automation programming environments from general IT networks and internet access to reduce the risk of lateral movement. 4. Conduct thorough audits of file system permissions and correct any improper permission assignments on critical resources related to Automation Builder installations. 5. Encrypt sensitive files and configuration data at rest using OS-level or third-party encryption tools to mitigate risks from cleartext storage until official fixes are available. 6. Employ endpoint detection and response (EDR) solutions to detect suspicious local privilege escalation attempts or unauthorized access to Automation Builder resources. 7. Train staff on the risks of local privilege escalation and the importance of safeguarding credentials and limiting software installation privileges. 8. Monitor logs for unusual access patterns or modifications to automation project files or configurations. 9. Consider implementing multi-factor authentication (MFA) for access to systems running Automation Builder to reduce risk from compromised credentials. 10. Establish incident response plans specifically addressing potential ICS/OT compromise scenarios involving ABB Automation Builder.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Belgium, Spain, Poland, Czech Republic
CVE-2025-3395: CWE-732 Incorrect Permission Assignment for Critical Resource in ABB Automation Builder
Description
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.
AI-Powered Analysis
Technical Analysis
CVE-2025-3395 is a high-severity vulnerability affecting ABB Automation Builder versions up to and including 2.8.0. The vulnerability involves incorrect permission assignment for critical resources (CWE-732) combined with cleartext storage of sensitive information (CWE-312). Specifically, Automation Builder improperly sets permissions on critical resources, potentially allowing unauthorized users with limited privileges to access or modify sensitive components or data. Additionally, sensitive information is stored in cleartext, increasing the risk of exposure if an attacker gains access to the system or files. The CVSS 4.0 base score of 8.4 reflects the significant impact on confidentiality and integrity, with a local attack vector (AV:L), low attack complexity (AC:L), no authentication required (AT:N), and low privileges needed (PR:L). There is no user interaction required (UI:N), but the vulnerability affects confidentiality and integrity to a high degree (VC:H, VI:H). The vulnerability does not impact availability (VA:N). The scope is unchanged (S:N), and there are no known exploits in the wild at the time of publication. The vulnerability was reserved on April 7, 2025, and published on April 30, 2025. ABB Automation Builder is a software suite used for programming, configuring, and commissioning ABB industrial automation devices, including PLCs and control systems, which are critical components in industrial control systems (ICS) and operational technology (OT) environments. Exploitation of this vulnerability could allow an attacker with limited local access to escalate privileges, access sensitive configuration data, or manipulate automation logic, potentially leading to operational disruptions or safety risks in industrial environments.
Potential Impact
For European organizations, especially those operating in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure, this vulnerability poses a significant risk. ABB Automation Builder is widely used across Europe in industrial automation and control systems. Exploitation could lead to unauthorized disclosure of sensitive configuration data, intellectual property theft, or unauthorized modification of control logic, which may cause production downtime, safety incidents, or compromised system integrity. Given the critical role of automation in sectors like energy grids, water treatment, and manufacturing plants, the vulnerability could have cascading effects on operational continuity and safety. Furthermore, the cleartext storage of sensitive information increases the risk of credential or key exposure, facilitating further attacks. The local attack vector means that attackers would need some level of access to the affected system, which could be achieved via insider threats, compromised user accounts, or lateral movement after initial network compromise. The high impact on confidentiality and integrity underscores the potential for serious operational and reputational damage to European organizations relying on ABB Automation Builder.
Mitigation Recommendations
1. Immediate application of any available patches or updates from ABB once released is critical, even though no patch links are currently provided. 2. Restrict local access to systems running Automation Builder to trusted personnel only, enforcing strict access controls and monitoring. 3. Implement network segmentation to isolate engineering workstations and automation programming environments from general IT networks and internet access to reduce the risk of lateral movement. 4. Conduct thorough audits of file system permissions and correct any improper permission assignments on critical resources related to Automation Builder installations. 5. Encrypt sensitive files and configuration data at rest using OS-level or third-party encryption tools to mitigate risks from cleartext storage until official fixes are available. 6. Employ endpoint detection and response (EDR) solutions to detect suspicious local privilege escalation attempts or unauthorized access to Automation Builder resources. 7. Train staff on the risks of local privilege escalation and the importance of safeguarding credentials and limiting software installation privileges. 8. Monitor logs for unusual access patterns or modifications to automation project files or configurations. 9. Consider implementing multi-factor authentication (MFA) for access to systems running Automation Builder to reduce risk from compromised credentials. 10. Establish incident response plans specifically addressing potential ICS/OT compromise scenarios involving ABB Automation Builder.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- ABB
- Date Reserved
- 2025-04-07T08:28:05.273Z
- Cisa Enriched
- true
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682d983bc4522896dcbee300
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 5:50:56 AM
Last updated: 7/31/2025, 2:44:38 AM
Views: 10
Related Threats
CVE-2025-9087: Stack-based Buffer Overflow in Tenda AC20
HighTop Israeli Cybersecurity Director Arrested in US Child Exploitation Sting
HighCVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.