CISA

ABB T-MAC Plus

From Cybersecurity and Infrastructure Security Agency ↗

ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways.

The following versions of ABB T-MAC Plus are affected:

T-MAC Plus 4.0-24 (CVE-2025-14771, CVE-2025-14772, CVE-2025-14773, CVE-2025-14774)

Vendor

Equipment

ABB

ABB T-MAC Plus

Files or Directories Accessible to External Parties, Authorization Bypass Through User-Controlled Key, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Incorrect Authorization

Critical Infrastructure Sectors: Critical Manufacturing

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Switzerland

File Disclosure in ABB T-MAC Plus web application allows authenticated user...