cbcvebase.
CVE-2025-9574
published 2025-10-20

CVE-2025-9574: Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial…

PriorityP271critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.75%
50.4th percentile
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166

Affected

2 ranges
VendorProductVersion rangeFixed in
abbals-mini-s4_ip
abbals-mini-s8_ip

Detection & IOCsextracted from sources · hover to see the quote

  • Target devices are ALS-mini-S4/S8 IP controllers with serial numbers 2000–5166; detect unauthenticated HTTP requests to the embedded web server that read or modify device configuration parameters without any authentication headers/session tokens.
  • Monitor for any network access to the embedded web server of ALS-mini-S4/S8 IP devices, especially from non-whitelisted IPs; alert on such access attempts via firewall, IDS, or IPS.
  • The vulnerability is in the embedded web server component; network traffic to the web server port from external/untrusted sources should be flagged as suspicious, particularly configuration read/write operations.
  • ·All firmware versions are affected for serial numbers 2000–5166; no patch exists as the product reached end of life in 2022 and ABB has no plans for a fix.
  • ·Affected serial number range is explicitly 2000 to 5166 for both ALS-mini-s4 IP and ALS-mini-s8 IP; devices outside this range are not listed as affected.
  • ·The embedded web server provides load monitoring, alarms, and remote configuration functionality; physically disconnecting the Ethernet port is the recommended workaround if the web server is not needed.

CVSS provenance

nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv4.09.9CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Red
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.