CVE-2025-9970 HIGH

Published: 2025-10-08 | Last Modified: 2026-04-15 | Status: Deferred

Description

Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.

Additional Descriptions (1)

Vulnerabilidad de almacenamiento en texto claro de información sensible en memoria en ABB MConfig. Este problema afecta a MConfig: hasta 1.4.9.21.

CVSS Metrics

Base Score: 7.4 (HIGH)

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	HIGH
Privileges Required	LOW
User Interaction	REQUIRED
Scope	CHANGED
Confidentiality Impact	LOW
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 0.8

Impact Score: 6.0

Base Score: 5.7 (MEDIUM)

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	LOCAL
Attack Complexity	HIGH
Attack Requirements	PRESENT
Privileges Required	LOW
User Interaction	PASSIVE
Vulnerability Confidentiality	LOW
Vulnerability Integrity	HIGH
Vulnerability Availability	HIGH
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	HIGH

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-316

References

https://search.abb.com/library/Download.aspx?DocumentID=4TZ00000006008&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]