Description
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.

This issue affects T-MAC Plus: 4.0-24.
Published: 2026-06-03
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows files or directories within the ABB T-MAC Plus web application to be read by external parties. The weakness grants attackers unauthorized access to potentially sensitive configuration and log data, resulting in a breach of confidentiality. It is classified as CWE-552.

Affected Systems

The issue affects ABB T-MAC Plus 4.0-24. No other product versions are listed as affected.

Risk and Exploitability

The CVSS 4.0 score of 7.3 indicates high severity, and the CVSS 3.1 score is 9.9. The EPSS score is below 1% and the CVE is not listed in KEV, but neither reduces the impact if the flaw is exploited. Both CVSS vectors describe a network attack vector (AV:N) with low attack complexity (AC:L) and low privileges required (PR:L), so the flaw can be exploited remotely via a web request to retrieve files. This warrants prompt remediation.

Generated by OpenCVE AI on June 3, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the ABB support website for a T-MAC Plus software patch and apply it once one is published.
  • Enforce tighter access controls on the ABB T-MAC Plus web root by enabling authentication and setting file system permissions to restrict read access to only the application process.
  • Review the web application root directories for unnecessary files and remove or relocate them to reduce the attack surface.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 11:15:00 +0000

Type | Values Removed | Values Added
Description | | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
Title | | File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site
Weaknesses | | CWE-552
References | |
Metrics | | cvssV3_1 {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}; cvssV4_0 {'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H'}


MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-06-03T13:02:53.833Z

Reserved: 2025-12-16T03:47:13.262Z

Link: CVE-2025-14771

Vulnrichment

Updated: 2026-06-03T13:02:48.652Z

NVD

Status: Received

Published: 2026-06-03T11:16:17.190

Modified: 2026-06-03T11:16:17.190

Link: CVE-2025-14771

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T13:00:13Z

Weaknesses