ABB WebPro SNMP Card PowerValue Hit by Three Flaws Including Authentication Bypass
ABB disclosed three vulnerabilities in its WebPro SNMP Card PowerValue, including an authentication bypass that validates only the first character of session cookies, allowing brute-force attacks.
ABB has disclosed multiple vulnerabilities affecting the WebPro SNMP Card PowerValue, a component used in uninterruptible power supply (UPS) management. The flaws, reported internally and detailed in an advisory from CISA, impact firmware versions up to 1.1.8.k and could allow attackers with local network access to bypass authentication, cause denial-of-service conditions, and disrupt critical Modbus services.
The most severe vulnerability, tracked as CVE-2025-4676, carries a CVSS score of 8.8 and stems from an incorrect implementation of the authentication algorithm. The device web HMI validates users by checking only the first character of the session cookie and authentication token. If the first characters match, the user is authenticated, making it trivial for an attacker to brute-force the single correct character and gain unauthorized access with elevated privileges.
Two additional vulnerabilities were also patched. CVE-2025-4675 (CVSS 6.5) involves an improper check for unusual or exceptional conditions in the Modbus (slave) protocol implementation. When triggered, port 502 becomes unstable and the Modbus service becomes unavailable until the device is manually rebooted, potentially disrupting UPS monitoring in critical infrastructure environments.
The third flaw, CVE-2025-4677 (CVSS 6.5), is an insufficient session expiration issue affecting ports 23 and 502. The device does not enforce idle session timeouts, allowing an attacker to open numerous connections that are never destroyed. This uncontrolled resource consumption can lead to a denial-of-service condition, rendering the device unresponsive.
ABB has released firmware version 1.1.8.p to address all three vulnerabilities. The company strongly advises customers to update immediately. For those unable to upgrade, ABB recommends implementing defensive measures outlined in the product instruction manual and contacting ABB Digital Service Support for guidance.
The WebPro SNMP Card PowerValue is deployed worldwide across multiple critical infrastructure sectors, including energy, healthcare, water, and manufacturing. The broad deployment raises concerns about potential exploitation, especially given the low complexity of the authentication bypass attack, which requires only adjacent network access and no privileges.
These disclosures highlight ongoing challenges in securing industrial control system (ICS) components, where authentication mechanisms and session management are often implemented with insufficient rigor. The combination of an easily brute-forced authentication bypass and denial-of-service vectors makes this advisory particularly significant for operators of ABB UPS systems.