CVE-2025-9574 - Vulnerability Details

Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Abb	Als-mini-s4 Als-mini-s8

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006007&LanguageCode=en&DocumentPartId=PDF&Action=Launch

History

Fri, 24 Oct 2025 10:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`	cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Tue, 21 Oct 2025 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Abb Abb als-mini-s4 Abb als-mini-s8
Vendors & Products		Abb Abb als-mini-s4 Abb als-mini-s8

Mon, 20 Oct 2025 20:00:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 20 Oct 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166
Title		Missing Authentication Vulnerability
Weaknesses		CWE-306
References		https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006007&LanguageCode=en&DocumentPartId=PDF&Action=Launch
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 9.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:H/S:N/AU:Y/R:U/V:D/RE:M/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2025-10-20T16:56:32.337Z

Updated: 2025-10-24T10:04:57.390Z

Reserved: 2025-08-28T10:04:01.947Z

Link: CVE-2025-9574

Vulnrichment

Updated: 2025-10-20T17:32:43.042Z

NVD

Status : Awaiting Analysis

Published: 2025-10-20T17:15:39.367

Modified: 2025-10-24T10:15:39.340

Link: CVE-2025-9574

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object