

ABB LVS MConfig

[View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-146-06.json)

## Summary

**ABB became aware of an internally discovered vulnerability in the MConfig product versions listed as affected in the advisory. An attacker with access to local networks who successfully exploits the vulnerability could have access to the application's sensitive information. ABB strongly advises customers to update MConfig with the latest software version.**

The following versions of ABB LVS MConfig are affected:

- LVS <=1.4.9.21

| CVSS | Vendor | Equipment | Vulnerabilities |
|------|--------|-----------|-----------------|
| v3 7.4 | ABB | ABB LVS MConfig | Cleartext Storage of Sensitive Information in Memory |

### Background

- **Critical Infrastructure Sectors:** Chemical, Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater
- **Countries/Areas Deployed:** Worldwide
- **Company Headquarters Location:** Switzerland

---

## Vulnerabilities

### CVE-2025-9970

During the runtime of the MConfig Software application, an attacker can export the memory dump file into the operating system. If passwords are stored in plain text in memory, they will be included in these dump files. If such dump files are mishandled, attackers could obtain them and extract the passwords.
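
An added example, not part of the CISA advisory or ABB's code: one way to check whether a dump file exposes cleartext credentials as CVE-2025-9970 describes is to enter a throwaway canary password into the application, capture a dump, and search it for that value. The canary string, the sample bytes and the function names are assumptions made for illustration.

```python
import io

# Encodings in which a password string commonly sits in process memory
# (UTF-16LE is the native string form of Windows and .NET applications).
ENCODINGS = ("utf-8", "utf-16-le")

# Constructed test credential: enter a throwaway value like this into the
# application before taking the dump; never use a production password.
CANARY = "Canary-7f3a!"

# Constructed sample dump bytes (not real MConfig memory) so the code runs offline.
SAMPLE_DUMP = (b"\x00" * 10 + b"user=svc;pwd=" + CANARY.encode("utf-8")
               + b"\x00" * 7 + CANARY.encode("utf-16-le") + b"\xff" * 5)


def scan_stream(stream, canary, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for `canary` in a binary stream.

    Reads in chunks so large dumps need not fit in RAM, and carries an
    overlap so a match straddling a chunk boundary is still found.
    """
    if not canary:
        raise ValueError("canary must be a non-empty string")
    patterns = {enc: canary.encode(enc) for enc in ENCODINGS}
    overlap = max(len(p) for p in patterns.values()) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for enc, pat in patterns.items():
            pos = window.find(pat)
            while pos != -1:
                hits.add((base + pos, enc))
                pos = window.find(pat, pos + 1)
        tail = window[-overlap:]
        base += len(window) - len(tail)
    return sorted(hits)


def scan_dump(path, canary=CANARY):
    """Scan a dump file on disk; an empty list means the canary was not found."""
    with open(path, "rb") as fh:
        return scan_stream(fh, canary)


if __name__ == "__main__":
    for offset, enc in scan_stream(io.BytesIO(SAMPLE_DUMP), CANARY):
        print(f"cleartext canary at offset {offset:#x} ({enc})")
```

An empty result only shows that the canary is absent in these two encodings; it does not prove the credential is protected in memory, so treat the dump file itself as sensitive either way.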

[View CVE Details](https://www.cve.org/CVERecord?id=CVE-2025-9970)

---

#### Affected Products

##### ABB LVS MConfig

- **Vendor:** ABB
- **Product Version:** MConfig Version <=1.4.9.21
- **Product Status:** fixed, known_affected

###### Remediations

**Vendor fix**

The vulnerability is resolved in the following product versions: MConfig version 1.4.9.22. ABB advises users to update their devices to the latest software version. Additionally, ABB recommends implementing defensive measures to reduce the risk of vulnerability exploitation, as outlined in the product instruction manual. Please refer to the section “Mitigation factors” for more information.

**Relevant CWE:** [CWE-316 Cleartext Storage of Sensitive Information in Memory](https://cwe.mitre.org/data/definitions/316.html)

---

#### Metrics


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-06
