OTPulse

WebPro SNMP Card PowerValue Multiple Vulnerabilities

Plan Patch · 8.8 · 2CRT000009 · Jan 7, 2026
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Multiple vulnerabilities exist in ABB WebPro SNMP Card PowerValue versions 1.1.8.k and earlier. These vulnerabilities include insufficient session expiration (CWE-303), uncontrolled resource consumption (CWE-613), and improper exception handling (CWE-754). An attacker with local network access could exploit these flaws to gain unauthorized access to the card, cause denial of service through resource exhaustion, or maintain persistent sessions beyond the intended session lifetime. This impacts the availability and security of UPS monitoring and management functions.

What this means
What could happen
An attacker with network access to the SNMP card could gain unauthorized access to device configuration, cause the device to become unresponsive (denial of service), or consume resources until the card stops responding to monitoring and management requests.
Who's at risk
Energy sector operators using ABB PowerValue UPS systems with WebPro SNMP cards for remote monitoring and management. This affects both standard and UL-listed versions of the SNMP card used to monitor uninterruptible power supplies and power distribution equipment.
How it could be exploited
An attacker on the local network sends crafted SNMP requests to the WebPro SNMP card. If the card has insufficient session controls, the attacker could maintain an active session indefinitely, consume resources through repeated requests, or bypass authentication checks depending on which of the three vulnerabilities is exploited.
Prerequisites
  • Network access to the SNMP card (typically port 161 UDP or management interface ports)
  • Local network access (CVSS vector indicates adjacent network, not internet-accessible)
  • remotely exploitable (local network)
  • affects monitoring/management capability
  • multiple vulnerabilities (session expiration, resource consumption, unauthorized access)
  • no authentication required for some attack vectors
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
WebPro SNMP Card PowerValue | ≤ 1.1.8.k | 1.1.8.p
WebPro SNMP Card PowerValue UL | ≤ 1.1.8.k | 1.1.8.p
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the SNMP card to authorized monitoring and management stations using firewall rules or network segmentation
HARDENING: Review and implement defensive measures outlined in the WebPro SNMP card product instruction manual, particularly the 'Mitigation factors' section
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WebPro SNMP Card PowerValue firmware to version 1.1.8.p or later
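
An added example, not part of the advisory or of ABB's tooling: triaging an asset inventory against the version bounds in the affected products table. The `N.N.N.letter` version format and its ordering (numeric fields first, then the letter alphabetically) are assumptions, and the asset names and firmware values are constructed.

```python
import re

# Version bounds taken from the advisory's affected-products table.
LAST_AFFECTED = "1.1.8.k"
FIRST_FIXED = "1.1.8.p"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.([a-z])$")


def parse_version(text):
    """Return a sortable tuple for 'N.N.N.letter', or None if unparseable."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    # Numeric fields compare as integers, so 1.1.10 sorts after 1.1.8.
    return (int(major), int(minor), int(patch), letter)


def classify(firmware):
    """Map a reported firmware string to 'affected', 'fixed' or 'verify'."""
    v = parse_version(firmware)
    if v is None:
        return "verify"      # unrecognised format: check the card by hand
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "verify"          # between k and p: the advisory lists no status


def triage(inventory):
    """Return {status: [asset names]} for (name, firmware) pairs."""
    result = {"affected": [], "fixed": [], "verify": []}
    for name, firmware in inventory:
        result[classify(firmware)].append(name)
    return result


# Constructed sample inventory; names and versions are made up.
SAMPLE_INVENTORY = [
    ("ups-room-a", "1.1.8.k"), ("ups-room-b", "1.1.8.p"),
    ("ups-room-c", "1.1.7.z"), ("ups-room-d", "1.1.8.m"),
    ("ups-room-e", "1.1.10.a"), ("ups-room-f", "unknown"),
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(status, names)
```

A plain string comparison would sort `1.1.10.a` before `1.1.8.k` and report it as affected, which is why the fields are parsed before comparing.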