
CVE-2025-4677: CWE-613 Insufficient Session Expiration in ABB WebPro SNMP Card PowerValue

Severity: Medium
Tags: Vulnerability, CVE-2025-4677, CWE-613
Published: Wed Jan 07 2026 (01/07/2026, 17:09:05 UTC)
Source: CVE Database V5
Vendor/Project: ABB
Product: WebPro SNMP Card PowerValue

Description

Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

AI-Powered Analysis

Last updated: 01/07/2026, 17:46:17 UTC

Technical Analysis

CVE-2025-4677 is classified under CWE-613 (Insufficient Session Expiration) and affects ABB WebPro SNMP Card PowerValue and PowerValue UL devices through version 1.1.8.K. The vulnerability arises because the affected devices do not properly expire SNMP management sessions after a reasonable timeout period. Sessions can therefore remain active indefinitely or longer than intended, which may allow an attacker with network access to retain control of a session or to exhaust device resources, resulting in denial of service (DoS) conditions. The CVSS v3.1 score of 6.5 reflects medium severity, driven by the impact on availability (A:H) while confidentiality and integrity remain unaffected (C:N, I:N). The attack vector is adjacent network (AV:A), meaning the attacker must have access to the local network segment or a VPN into it. No privileges or user interaction are required, which increases the risk in environments where network access is not tightly controlled. Although no exploits are currently reported in the wild, the vulnerability poses a risk to operational continuity, especially in industrial or critical infrastructure environments where ABB WebPro SNMP Cards are deployed for device management and monitoring. Stale sessions that accumulate on the card can deplete its resources or prolong unauthorized access to the device management interface.

Potential Impact

For European organizations, the primary impact is on availability of ABB WebPro SNMP Card PowerValue devices, which are commonly used in industrial automation, power management, and critical infrastructure sectors. Prolonged or stale sessions can cause resource exhaustion, leading to device unavailability or degraded performance. This can disrupt monitoring and control systems, potentially causing operational downtime or delayed response to system events. While confidentiality and integrity are not directly impacted, the availability disruption can have cascading effects on industrial processes and critical services. Organizations with extensive ABB deployments in manufacturing, energy, or utilities sectors in Europe could face operational risks and potential financial losses due to service interruptions. The vulnerability is especially concerning in environments where network segmentation is weak or where remote access to management interfaces is permitted without strict controls.

Mitigation Recommendations

To mitigate CVE-2025-4677, organizations should implement the following specific measures:

1) Apply vendor patches or firmware updates as soon as they become available to ensure proper session expiration handling.
2) Enforce strict network segmentation and access controls to limit SNMP management traffic to authorized personnel and systems only.
3) Deploy network monitoring to detect and alert on unusual session durations or excessive SNMP session counts.
4) Configure SNMP community strings and access rights to minimize exposure and restrict management access.
5) Use VPNs or secure tunnels with strong authentication for remote management access to reduce the attack surface.
6) Regularly audit device configurations and session management logs to identify stale or orphaned sessions.
7) Consider implementing session timeout policies at the network or device level where supported.

These targeted actions go beyond generic advice by focusing on session lifecycle management and network-level protections tailored to ABB WebPro SNMP Card deployments.


Technical Details

Data Version: 5.2
Assigner Short Name: ABB
Date Reserved: 2025-05-14T06:02:15.939Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 695e97857349d0379db35c0a

Added to database: 1/7/2026, 5:27:33 PM

Last enriched: 1/7/2026, 5:46:17 PM

Last updated: 1/9/2026, 2:06:54 AM

