Critical Vulnerabilities in ABB WebPro SNMP Card Expose Industrial Systems to Attacks

Source: INCIBE-CERT

ABB WebPro SNMP Card for PowerValue UPS contains multiple vulnerabilities, including hardcoded credentials and authentication bypass risks (CVE-2025-XXXX).

ABB WebPro SNMP Card Flaws Could Enable Unauthorized Industrial Control Access

The Spanish National Cybersecurity Institute (INCIBE) has disclosed multiple critical vulnerabilities in ABB’s WebPro SNMP Card, a component used with PowerValue uninterruptible power supply (UPS) systems. The flaws, published on January 8, 2026, could allow attackers to bypass authentication, execute arbitrary code, or gain unauthorized access to industrial environments.

Technical Details of the Vulnerabilities

While specific CVE IDs have not yet been assigned (temporarily referenced as CVE-2025-XXXX), INCIBE’s advisory highlights the following risks:

  • Hardcoded Credentials: The device contains embedded default credentials that cannot be modified, providing a persistent backdoor for attackers.
  • Authentication Bypass: Flaws in the authentication mechanism could allow unauthorized users to access administrative functions.
  • Potential Remote Code Execution (RCE): Certain vulnerabilities may enable attackers to execute arbitrary commands on the affected device.
  • Information Disclosure: Sensitive system data could be exposed due to improper access controls.

The WebPro SNMP Card is designed for remote monitoring and management of ABB PowerValue UPS systems, which are widely deployed in data centers, industrial facilities, and critical infrastructure. Exploitation of these flaws could lead to disruption of power management, unauthorized control of UPS systems, or lateral movement within OT networks.

Impact Analysis

Successful exploitation of these vulnerabilities could result in:

  • Unauthorized access to UPS control interfaces, potentially leading to power disruptions.
  • Compromise of adjacent OT/ICS systems if the UPS is integrated into a broader industrial network.
  • Data exfiltration from affected devices, including configuration details and operational logs.
  • Denial-of-Service (DoS) conditions if attackers manipulate UPS settings.

Given the operational technology (OT) context of these devices, the risks extend beyond IT systems, potentially affecting physical infrastructure reliability.

Recommendations for Mitigation

INCIBE and ABB urge organizations to take the following steps:

  1. Apply Vendor Patches: Monitor ABB’s official security advisories for firmware updates addressing these vulnerabilities.
  2. Network Segmentation: Isolate UPS management interfaces from corporate and OT networks to limit exposure.
  3. Access Controls: Restrict SNMP and web interface access to authorized personnel only, using IP whitelisting where possible.
  4. Monitor for Exploitation: Deploy intrusion detection systems (IDS) to detect unusual SNMP traffic or authentication attempts.
  5. Disable Unused Services: If SNMP or web management is not required, disable these services to reduce the attack surface.
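
As an illustration of steps 3 and 4 (an added example, not taken from the INCIBE or ABB advisories), the following script checks flow records for SNMP or web-management traffic reaching UPS cards from sources outside an allowlist. The address ranges, the flow-record format and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed (hypothetical) addressing; substitute your own ranges.
UPS_CARDS = [ipaddress.ip_network("10.20.30.0/28")]        # UPS management cards
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.40.5/32"),  # authorized management hosts
                   ipaddress.ip_network("10.20.40.6/32")]
# Management services named in the mitigations: SNMP and the web interface.
MGMT_SERVICES = {("udp", 161), ("tcp", 80), ("tcp", 443)}

# Constructed flow records: timestamp, source, destination, protocol, destination port.
SAMPLE_FLOWS = """\
2026-01-09T08:00:01Z 10.20.40.5 10.20.30.2 udp 161
2026-01-09T08:00:07Z 10.50.1.77 10.20.30.2 tcp 443
2026-01-09T08:01:15Z 10.50.1.77 10.20.30.3 udp 161
2026-01-09T08:02:00Z 10.20.40.6 10.20.30.3 tcp 80
2026-01-09T08:02:30Z 10.50.1.77 10.99.0.1 tcp 443
malformed line
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def find_violations(flow_text):
    """Return (line_no, src, dst, proto, port) for management traffic to a
    UPS card from a source outside the allowlist. Unparseable lines are skipped."""
    hits = []
    for line_no, line in enumerate(flow_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue
        _, src, dst, proto, port = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        proto = proto.lower()
        if (proto, port) not in MGMT_SERVICES or not _in_any(dst_ip, UPS_CARDS):
            continue
        if not _in_any(src_ip, ALLOWED_SOURCES):
            hits.append((line_no, src, dst, proto, port))
    return hits

def sources_by_reach(hits):
    """Map each offending source to the set of cards it touched."""
    reach = {}
    for _, src, dst, _, _ in hits:
        reach.setdefault(src, set()).add(dst)
    return reach

if __name__ == "__main__":
    for hit in find_violations(SAMPLE_FLOWS):
        print("ALERT line %d: %s -> %s %s/%d" % hit)
```

A source that reaches several cards, as reported by sources_by_reach, is worth triaging first because it suggests scanning rather than a single misdirected connection.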

Organizations using ABB PowerValue UPS systems with WebPro SNMP Cards should prioritize remediation, particularly in critical infrastructure sectors where power reliability is essential. Further details will be provided once CVE IDs and patches are officially released.

For ongoing updates, refer to INCIBE’s advisory.
