OTPulse

Lite Panel Pro Vulnerability in Session Management

Monitor · CVSS 6.7 · 2crt000008 · Jun 26, 2025
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

A session management vulnerability in ABB Lite Panel Pro allows an attacker with local network access and low privileges to bypass authentication and gain unauthorized access to the device during a limited time window. The vulnerability is tracked as CWE-613 (Insufficient Session Expiration). ABB has released a fix in version 1.1.0.

What this means
What could happen
An attacker on the same local network could gain unauthorized access to the Lite Panel Pro device during a short time window, potentially allowing them to read or modify sensitive device configuration or operational data.
Who's at risk
Organizations using ABB Lite Panel Pro devices for HMI (human-machine interface) or local control panels should prioritize this update. This affects any facility where Lite Panel Pro is used for equipment monitoring or control, particularly those on shared local networks with multiple user accounts.
How it could be exploited
An attacker with access to the local network would exploit a session management flaw in Lite Panel Pro to bypass authentication and gain unauthorized access to the device interface during a brief window when sessions are not properly validated or invalidated.
Prerequisites
  • Attacker must be on the same local network as the Lite Panel Pro device
  • Low-privilege user account or the ability to trigger a session state (user interaction required per CVSS)
Tags: Local network access required · Low attack complexity · Low privilege required · User interaction required · Session management flaw
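The flaw class named above, CWE-613, covers sessions that keep working after they should have ended. As an added illustration, not ABB's code and not a statement about how Lite Panel Pro implements sessions, here is a generic server-side session store written two ways: the weak form, where logout only tells the client to drop its cookie and tokens never expire, beside a hardened form with an idle timeout, an absolute lifetime, server-side invalidation on logout and per-user revocation. The timeout values, the class and function names, the `operator` user and the `FakeClock` helper are all assumptions made for this example.

```python
"""Session-expiration controls (CWE-613): a weak store beside a hardened one."""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass

# Assumed policy values for the example; a real device would make these configurable.
IDLE_TIMEOUT_S = 15 * 60           # end the session after 15 min without activity
ABSOLUTE_LIFETIME_S = 8 * 60 * 60  # end it after 8 h even if it is still active


@dataclass
class Session:
    user: str
    created_at: float
    last_seen_at: float


class WeakSessionStore:
    """The CWE-613 pattern: tokens never expire and logout leaves the server-side
    record in place, so a leaked or reused token keeps working indefinitely."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions: dict[str, Session] = {}

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(32)   # 256-bit random token
        now = self._clock()
        self._sessions[token] = Session(user, now, now)
        return token

    def logout(self, token: str) -> None:
        pass  # only the client cookie is cleared; the defect is that nothing happens here

    def validate(self, token: str) -> str | None:
        sess = self._sessions.get(token)
        return sess.user if sess else None


class HardenedSessionStore(WeakSessionStore):
    """Same interface, with server-side expiry and invalidation."""

    def logout(self, token: str) -> None:
        # Remove the record so the token is dead even if the client kept a copy.
        self._sessions.pop(token, None)

    def revoke_user(self, user: str) -> int:
        """Kill every session of a user, e.g. after a password change or a
        privilege change. Returns the number of sessions removed."""
        doomed = [t for t, s in self._sessions.items() if s.user == user]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def validate(self, token: str) -> str | None:
        sess = self._sessions.get(token)
        if sess is None:
            return None
        now = self._clock()
        if (now - sess.created_at > ABSOLUTE_LIFETIME_S
                or now - sess.last_seen_at > IDLE_TIMEOUT_S):
            del self._sessions[token]   # expired: drop it so it cannot be reused
            return None
        sess.last_seen_at = now         # sliding idle window
        return sess.user


class FakeClock:
    """Deterministic clock so the expiry paths can be exercised without sleeping."""

    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def compare_stores() -> dict[str, bool]:
    """Run the same token lifecycle through both stores and report whether a
    token still validates after logout and after the idle timeout."""
    results: dict[str, bool] = {}
    for name, cls in (("weak", WeakSessionStore), ("hardened", HardenedSessionStore)):
        clock = FakeClock()
        store = cls(clock)
        tok = store.login("operator")
        store.logout(tok)
        results[f"{name}_valid_after_logout"] = store.validate(tok) is not None
        tok2 = store.login("operator")
        clock.advance(IDLE_TIMEOUT_S + 1)
        results[f"{name}_valid_after_idle_timeout"] = store.validate(tok2) is not None
    return results


if __name__ == "__main__":
    for key, still_valid in compare_stores().items():
        print(f"{key}: {still_valid}")
```

The hardened store deletes expired records inside `validate` rather than relying on a background sweeper, so an expired token is rejected on first use even if cleanup has not run yet; the absolute lifetime is what stops a token that is kept alive by periodic requests from living forever.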
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product          Affected Versions   Fix Status
Lite Panel Pro   ≤ 1.0.1             1.1.0
Remediation & Mitigation

Do now
HARDENING: Review and apply mitigation factors outlined in the Lite Panel Pro instruction manual

Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Lite Panel Pro to firmware version 1.1.0 or later

Long-term hardening
HARDENING: Implement network segmentation to restrict access to Lite Panel Pro to authorized engineering workstations only