IM
IronMonkey Threat Research
‹ Back to ICS Advisories

ABB LVS MConfig

HIGH
CVSS 7.4
Date 2026-05-26T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

ABB became aware of an internally discovered vulnerability in the MConfig product versions listed as affected in the advisory. An attacker with access to local networks who successfully exploits vulnerability could have access to application’s sensitive information. ABB strongly advises customers to update MConfig with latest software version.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2025-9970 7.4 high
CVE-2025-9970. During the runtime of the MConfig Software application, an attacker can export the memory dump file into the operating system. If passwords are stored in plain text in memory, they will be included in these dump files. If such dump files are mishandled, attackers could obtain them and extract the passwords.

// Remediations (2)

Patch: The vulnerability is resolved in the following product versions: MConfig version 1.4.9.22 ABB advi
The vulnerability is resolved in the following product versions: MConfig version 1.4.9.22 ABB advises users to update their devices to the latest software version. Additionally, ABB recommends implementing defensive measures to reduce the risk of vulnerability exploitation, as outlined in the product instruction manual. Please refer to the section “Mitigation factors” for more information
Patch: The vulnerability is resolved in the following product versions: MConfig version 1.4.9.22 ABB advi
The vulnerability is resolved in the following product versions: MConfig version 1.4.9.22 ABB advises users to update their devices to the latest software version. Additionally, ABB recommends implementing defensive measures to reduce the risk of vulnerability exploitation, as outlined in the product instruction manual. Please refer to the section “Mitigation factors” for more information

// References