CVE-2025-14771

ABB · T-MAC Plus

A vulnerability in ABB T-MAC Plus allows unauthorized external parties to access restricted files or directories.

Executive summary

A critical vulnerability in ABB T-MAC Plus allows unauthorized external parties to access restricted files and directories, posing a severe threat to system confidentiality.

Vulnerability

The vulnerability involves improper access control, where files or directories within the application are accessible to external parties. This allows an unauthorized attacker to view or potentially manipulate sensitive data stored within the T-MAC Plus environment.

Business impact

The CVSS score of 9.9 indicates a severe risk to information confidentiality. Unauthorized access to system files can expose sensitive configurations, credentials, or operational data, potentially leading to further exploitation or significant operational disruption within industrial or enterprise environments.

Remediation

Immediate Action: Update ABB T-MAC Plus to version 4.0-25 or later as specified in the vendor advisory.

Proactive Monitoring: Audit access logs for unauthorized attempts to access system files and monitor for unusual data egress patterns.

Compensating Controls: Restrict access to sensitive directories with file-system level permissions and ensure the application runs under the principle of least privilege.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations using ABB T-MAC Plus must prioritize the update to version 4.0-25. Addressing this access control issue is essential to prevent unauthorized disclosure of sensitive system information and to maintain the overall security of the industrial environment.