WebPro SNMP Card PowerValue Multiple Vulnerabilities

Plan Patch | CVSS 8.8 | 2crt000009 | Jan 7, 2026
ABB | Energy
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Multiple vulnerabilities exist in ABB WebPro SNMP Card PowerValue versions 1.1.8.k and earlier. They allow an attacker with local network access to gain unauthorized access to the SNMP card, to exploit insufficient session expiration leading to resource unavailability, and to trigger uncontrolled resource consumption resulting in denial of service. The issues stem from improper input validation, insufficient session management, and inadequate resource consumption controls.

What this means
What could happen
An attacker on the local network could gain unauthorized access to the SNMP card, cause denial of service by consuming system resources, or exhaust session timeouts leading to network device unavailability.
Who's at risk
Power distribution and UPS monitoring operators using ABB WebPro SNMP Card PowerValue modules for remote network management of uninterruptible power supplies and power equipment should prioritize this update. Organizations in the energy sector managing ABB power systems are directly affected.
How it could be exploited
An attacker with access to the local network could exploit insufficient input validation or session management to trigger resource exhaustion or session-based attacks, potentially allowing unauthorized access to the device's SNMP management interface and control of connected power equipment.
Prerequisites
  • Local network access to the WebPro SNMP Card
  • No authentication required for session-based attacks
  • remotely exploitable via local network
  • low complexity attack
  • high CVSS score (8.8)
  • affects critical power infrastructure
  • active exploitation vector (E:F)
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
WebPro SNMP Card PowerValue | ≤ 1.1.8.k | 1.1.8.p
WebPro SNMP Card PowerValue UL | ≤ 1.1.8.k | 1.1.8.p
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the SNMP card to authorized management networks only using firewall or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WebPro SNMP Card PowerValue firmware to version 1.1.8.p or later
HARDENING: Review and apply mitigation factors outlined in the WebPro SNMP Card product instruction manual
API: /api/v1/advisories/c735f737-8596-4fd5-8b84-9a0154ceb34b
