ABB LVS MConfig
Plan Patch
CVSS 7.4
ICS-CERT ICSA-26-146-06
Oct 8, 2025
ABB
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
ABB MConfig contains an insecure memory handling vulnerability (CWE-316) that allows an attacker with local network access to extract sensitive information from the application's memory. The vulnerability affects MConfig versions up to and including 1.4.9.21. An attacker exploiting it could gain access to sensitive application information such as credentials or configuration details. The issue is resolved in MConfig version 1.4.9.22.
What this means
What could happen
An attacker with local network access to MConfig could extract sensitive information such as credentials or configuration data stored insecurely in memory, potentially compromising automation system operations or giving access to further systems.
Who's at risk
Engineering and configuration personnel who use ABB MConfig for automation system management, particularly those managing industrial systems, power generation, or utility infrastructure. Anyone with a local machine running MConfig version 1.4.9.21 or earlier is affected if they share that local network with untrusted users or devices.
How it could be exploited
An attacker on the local network exploits insecure memory handling in MConfig to read sensitive data directly from the application's memory space. No complex exploitation is required; the vulnerability allows straightforward information disclosure if the attacker can interact with the affected system locally.
Prerequisites
- Local network access to the machine running MConfig
- User interaction may be required (opening a file or interacting with the application)
- MConfig version 1.4.9.21 or earlier
insecure memory handling · local network access required · affects configuration management tools · user interaction required
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
MConfig | ≤ 1.4.9.21 | 1.4.9.22
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update MConfig to version 1.4.9.22 or later
HARDENING: Review and apply defensive measures documented in the MConfig product instruction manual, especially the 'Mitigation factors' section
Long-term hardening
HARDENING: Restrict local network access to machines running MConfig; use network segmentation to limit who can reach the engineering workstations where MConfig runs
CVEs (1)