CVE-2025-9574 identifies a Missing Authentication for Critical Function vulnerability (CWE-306) in ABB’s ALS-mini-s4 IP and ALS-mini-s8 IP devices, which are used in industrial automation and control environments. The vulnerability affects all firmware versions with serial numbers between 2000 and 5166. The core issue is that certain critical functions within these devices can be accessed and executed without any authentication, allowing unauthenticated remote attackers to perform unauthorized operations. The CVSS 4.0 base score of 9.9 reflects the vulnerability’s critical nature, with an attack vector of network (AV:N), no required privileges (PR:N), no user interaction (UI:N), and high impact on confidentiality (C:H) and integrity (I:H). This means attackers can remotely exploit the vulnerability without any credentials or user involvement, potentially leading to unauthorized control over device functions. The vulnerability does not require physical access or prior authentication, making it highly exploitable in networked environments. Although no public exploits have been reported yet, the severity and ease of exploitation make it a significant threat to industrial control systems relying on these ABB devices. The lack of authentication could allow attackers to manipulate device behavior, disrupt industrial processes, or cause safety hazards. Given ABB’s widespread use in European industrial sectors, this vulnerability poses a substantial risk to critical infrastructure and manufacturing operations.

For European organizations, this vulnerability presents a high risk of unauthorized access and control over critical industrial automation devices. Exploitation could lead to operational disruptions, safety incidents, and potential data breaches within industrial control systems. The absence of authentication means attackers can remotely manipulate device functions, potentially causing process failures or unsafe conditions. This could affect sectors such as energy, manufacturing, transportation, and utilities, where ABB’s ALS-mini devices are deployed. The impact extends beyond operational downtime to regulatory and compliance risks, especially under EU cybersecurity and critical infrastructure protection frameworks. The potential for widespread disruption in interconnected industrial environments could also have cascading effects on supply chains and national infrastructure resilience. Organizations may face financial losses, reputational damage, and increased scrutiny from regulators if the vulnerability is exploited. The critical severity underscores the urgency for European entities to address this flaw proactively.

1. Immediate firmware updates: Monitor ABB’s official channels for patches addressing CVE-2025-9574 and apply them promptly to affected devices. 2. Network segmentation: Isolate ALS-mini devices within secure network zones to limit exposure to untrusted networks and reduce attack surface. 3. Access control enforcement: Implement strict network access controls and firewall rules to restrict communication to and from these devices only to authorized management systems. 4. Monitoring and logging: Deploy continuous monitoring solutions to detect anomalous activities targeting ALS-mini devices, including unauthorized access attempts. 5. Incident response readiness: Prepare and test incident response plans specific to industrial control system compromises involving ABB devices. 6. Vendor engagement: Engage with ABB support for guidance and potential interim mitigations if patches are delayed. 7. Disable unnecessary services: Where possible, disable or restrict critical functions that do not require remote access to minimize risk exposure. 8. Physical security: Ensure physical access to devices is controlled to prevent local exploitation or tampering. These measures combined will reduce the likelihood and impact of exploitation until a permanent fix is applied.