ABB FLXEON WebSockets Vulnerability Allowing Unauthorized HTTPS Requests

Vulnerability

ABB FLXEON versions through 9.3.4 have inadequate session management that fails to properly validate the Origin header on WebSocket connections. This flaw allows unauthorized HTTPS requests to be sent, potentially leading to unauthorized actions or data exposure.
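
For reference, the kind of Origin check whose absence this class of flaw describes, as an added example that is not ABB's code or fix: a server-side gate on the WebSocket upgrade request that accepts only an exact allowlisted origin. The host name controller.example, the /ws path and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; the host is a placeholder, not a FLXEON value.
ALLOWED_ORIGINS = {("https", "controller.example", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_headers(raw_request: str) -> list[tuple[str, str]]:
    """Return (lowercased-name, value) pairs from a raw HTTP request head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def origin_allowed(origin: str) -> bool:
    """Exact match on (scheme, host, port); no prefix, suffix or substring tests."""
    try:
        parts = urlsplit(origin)
        port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return False
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return False  # a serialized origin is scheme://host[:port] and nothing else
    return (parts.scheme, (parts.hostname or "").lower(), port) in ALLOWED_ORIGINS


def accept_upgrade(raw_request: str) -> bool:
    """Decide whether a WebSocket upgrade request may proceed."""
    headers = parse_headers(raw_request)
    if not any(n == "upgrade" and v.lower() == "websocket" for n, v in headers):
        return False
    origins = [v for n, v in headers if n == "origin"]
    # Reject a missing, repeated or opaque ("null") Origin instead of defaulting to allow.
    if len(origins) != 1 or origins[0] == "null":
        return False
    return origin_allowed(origins[0])


def sample_request(*origins: str) -> str:
    """Constructed upgrade request (not captured traffic) with the given Origin values."""
    lines = ["GET /ws HTTP/1.1", "Host: controller.example", "Upgrade: websocket",
             "Connection: Upgrade"] + [f"Origin: {o}" for o in origins]
    return "\r\n".join(lines) + "\r\n\r\n"
```

An Origin check only constrains connections opened by browsers, so the session behind the socket still has to be authenticated separately.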

Impact

Exploitation of this vulnerability could result in unauthorized HTTPS requests being processed, potentially allowing for unauthorized access or actions within the application.

Remediation

Users are advised to consult the ABB document 9AKK108470A5684 for guidance on addressing this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.