Description
Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master.

This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.
Published: 2026-06-23
Score: 4.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Uncontrolled Search Path Element vulnerability in ABB Control Builder A and ABB 800xA for Advant Master allows an attacker who can influence the DLL search path to place a malicious DLL that the application will load. The flaw permits execution of arbitrary code in the context of the application, potentially compromising confidentiality, integrity, or availability of the affected system. The weakness is identified as CWE-427.

Affected Systems

Vulnerable products include ABB's Control Builder A up to and including version 1.4/4 and ABB's 800xA for Advant Master up to version 6.2.0‑1, as well as earlier releases 6.0.3‑1, 6.1.1‑1, and 6.1.1‑3. The flaw resides in the DLL loading process of these versions.

Risk and Exploitability

With a CVSS score of 4.1 the vulnerability is considered moderate; it does not provide an inherent remote code execution path but could be leveraged by a local or privileged user who can affect DLL loading. The EPSS score is not reported and the vulnerability is not in the CISA KEV catalog, indicating no known widespread exploitation. The risk is elevated in environments where the affected application runs with high privileges or where DLL search paths cannot be tightly controlled, so timely remediation is recommended.

Generated by OpenCVE AI on June 24, 2026 at 08:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ABB Control Builder A to a version newer than 1.4/4 and upgrade ABB 800xA for Advant Master to a version newer than 6.2.0‑1.
  • Limit DLL search paths by configuring the application or operating system to load libraries only from trusted directories, for example by setting the PATH environment variable to exclude unsecured folders.
  • Apply strict file system permissions to all directories that may be searched for DLLs to prevent unauthorized placement of malicious libraries.

Generated by OpenCVE AI on June 24, 2026 at 08:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.
Title Advant Master Online Builder DLL vulnerability
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 4.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-06-23T17:21:02.465Z

Reserved: 2025-11-14T03:20:45.405Z

Link: CVE-2025-13162

cve-icon Vulnrichment

Updated: 2026-06-23T17:20:57.920Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T08:15:05Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element