A high-severity path traversal vulnerability has been identified in ABB CoreSense™ HM and ABB CoreSense™ M10 products. This flaw could allow a remote attacker to access, read, or modify sensitive files on the underlying server by manipulating file path inputs. Successful exploitation could lead to a breach of confidential data, system compromise, or service disruption.

This vulnerability is an Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal (CWE-22). The affected software fails to properly sanitize user-supplied input that is used to construct a file path. An unauthenticated remote attacker can exploit this by crafting a malicious request containing "dot-dot-slash" (../) sequences to navigate outside of the intended web root directory. This allows the attacker to access or potentially modify arbitrary files on the filesystem with the permissions of the application's user account, leading to unauthorized information disclosure or further system compromise.

This vulnerability is rated as High severity with a CVSS score of 7.1. Exploitation could have a significant negative impact on the business, leading to a breach of confidentiality and integrity. Potential consequences include the theft of sensitive operational data, intellectual property, or system configuration files containing credentials. If the vulnerability allows file modification, an attacker could plant malware, create backdoors for persistent access, or corrupt critical system files, causing operational outages of the monitoring systems.

Immediate Action: Apply the security updates provided by ABB immediately to all affected systems, prioritizing those that are network-accessible. After patching, review system and application access logs for any signs of past or ongoing exploitation attempts, such as unusual file access patterns or requests containing path traversal sequences.

Proactive Monitoring: Implement continuous monitoring of application and web server logs for requests containing path traversal payloads (e.g., ../, ..%2f, ..\). Utilize a File Integrity Monitoring (FIM) solution to detect unauthorized changes to critical system files. Monitor network traffic for anomalous outbound connections from the affected servers, which could indicate data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block path traversal attacks.
• Restrict network access to the management interface of the affected devices to a limited set of trusted IP addresses.
• Ensure the service account running the application operates with the principle of least privilege, limiting its read/write access to only essential directories.

Public Exploit Available: false

Given the high severity (CVSS 7.1) and the critical nature of the affected industrial monitoring systems, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. Although there is no current evidence of active exploitation or inclusion in the CISA KEV catalog, the risk of future exploitation is significant. Organizations should identify all vulnerable ABB CoreSense™ assets within their environment and apply the vendor-supplied security updates on an emergency basis to prevent potential data breaches and operational disruption.