CVE-2025-4677

CWE-613 — Insufficient Session Expiration4 documents4 sources

Severity

7.1HIGH

EPSS

0.0%

top 91.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Webpro Snmp Card Powervalue ABB Webpro Snmp Card Powervalue UL

Timeline

PublishedJan 7

Description

Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5abb/webpro_snmp_card_powervalue1.1.8.k

▶CVEListV5abb/webpro_snmp_card_powervalue_ul1.1.8.k

🔴Vulnerability Details

GHSA

GHSA-w48j-gq3h-j3j3: Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL↗2026-01-07

▶

CVEList

Idle session timeout is not configured for multiple open ports↗2026-01-07

▶