WebPro SNMP Card PowerValue Multiple Vulnerabilities

Plan PatchCVSS 8.82CRT000009Jan 7, 2026

ABBEnergy

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple vulnerabilities exist in ABB WebPro SNMP Card PowerValue affecting versions 1.1.8.k and earlier. These vulnerabilities allow an attacker with local network access to gain unauthorized access, trigger insufficient session expiration leading to resource exhaustion, or cause denial of service through uncontrolled resource consumption.

What this means

What could happen

An attacker on the local network could gain unauthorized access to the WebPro SNMP Card, exhaust system resources causing denial of service, or maintain persistent access through insufficient session expiration controls. This could disrupt monitoring and remote management of critical power equipment.

Who's at risk

Power utility operators and energy management teams using ABB WebPro SNMP Card PowerValue for remote monitoring and management of UPS and power conditioning equipment. Any facility relying on this card for SNMP-based network monitoring of critical infrastructure power systems.

How it could be exploited

An attacker positioned on the same local network segment as the WebPro SNMP Card can exploit authentication weaknesses or resource consumption flaws via SNMP protocol requests. Once exploited, the attacker gains unauthorized administrative access or can trigger resource exhaustion that crashes the card and blocks legitimate monitoring/management traffic.

Prerequisites

Network access to the WebPro SNMP Card on the local subnet (no remote exploitation from outside the network)
No credentials required to trigger the vulnerability

no authentication requiredlow complexity to exploitlocal network access only (not remotely exploitable from Internet)affects monitoring/management of critical infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

WebPro SNMP Card PowerValue <=1.1.8.k≤ 1.1.8.k1.1.8.p

WebPro SNMP Card PowerValue UL <=1.1.8.k≤ 1.1.8.k1.1.8.p

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement network segmentation to restrict SNMP access to the WebPro card from only authorized management workstations

WORKAROUNDConfigure firewall rules to limit inbound traffic to the SNMP card to port 161/162 from trusted monitoring systems only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WebPro SNMP Card PowerValue firmware to version 1.1.8.p or later

WORKAROUNDContact ABB Digital Service Support (ch.ups.digital@abb.com) for specific guidance on deployment and mitigation factors documented in the product instruction manual

CVEs (3)

CVE-2025-4675 CVE-2025-4676 CVE-2025-4677

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c0486c84-287f-4c7b-9d52-d954bd71a30a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.