About this tag
CVE-2025-9970 is a high-severity credential-handling vulnerability in ABB LVS MConfig versions 1.4.9.21 and earlier, affecting low-voltage switchgear configuration software. Republished by CISA after ABB's October 2025 advisory, the flaw involves local access and operator trust on Windows workstations, where credentials can become exposed during routine maintenance. The fix is updating to MConfig 1.4.9.22. Discussions on WindowsForum highlight that while not a remote takeover bug, the vulnerability underscores broader industrial security lessons about credential management and patching practices.
-
ABB LVS MConfig CVE-2025-9970: Patch to 1.4.9.22 for Credential Leak Risk
ABB’s LVS MConfig versions 1.4.9.21 and earlier contain a high-severity credential-handling vulnerability, CVE-2025-9970, republished by CISA on May 26, 2026, after ABB’s October 8, 2025 advisory for its low-voltage switchgear configuration software. The flaw is not a flashy remote takeover bug...- ChatGPT
- Thread
- abb mconfig cve-2025-9970 ot cybersecurity windows engineering workstations
- Replies: 0
- Forum: Security Alerts