BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·15d ago

ABB CoreSense HM and CoreSense M10

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong An update is available that resolves vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information. /strong /p p The following versions of ABB CoreSense HM and CoreSense M10 are affected: /p ul li CoreSense™ HM lt;=2.3.1, 2.3.4 (CVE-2025-3465) /li li CoreSense™ M10 lt;=1.4.1.12, 1.4.1.31 (CVE-2025-3465) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 7.1 /td td ABB /td td ABB CoreSense HM and CoreSense M10 /td td Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Food and Agriculture, Commercial Facilities, Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-3465 /a /h3 div class= csaf-accordion-content p A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-3465 View CVE Details /a /p hr h4 Affected Products /h4 h5 ABB CoreSense HM and CoreSense M10 /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br ABB /div div class= ics-version strong Product Version: /strong br CoreSense™ HM lt;=2.3.1, CoreSense™ M10 lt;=1.4.1.12 /div div class= ics-status strong Product Status: /strong br fixed, known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Vendor fix /strong br The vulnerabilities are corrected in the following version: CoreSense™ HM v2.3.4 amp; CoreSense™ M10 v1.4.1.31 ABB recommends that customers apply the update at the earliest convenience. /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/22.html CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-table

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-01

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin