Description
Incorrect Authorization vulnerability in ABB T-MAC Plus.

This issue affects T-MAC Plus: 4.0-24.
Published: 2026-06-03
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ABB T‑MAC Plus exposes an incorrect authorization flaw that allows an attacker to bypass normal access controls when communicating with the TP2CardReaderService daemon. The vulnerability, classified as CWE‑863, could enable the attacker to retrieve or modify card reader data, issue control commands, or otherwise manipulate the device's operation without proper privilege. This undermines the confidentiality, integrity, and potentially availability of the device's functions.

Affected Systems

The flaw affects ABB T‑MAC Plus software versions 4.0 through 24. The affected system is the vendor’s programmable logic controller with integrated card reader functionality.

Risk and Exploitability

The CVSS score of 7.2 indicates a high‑severity condition with moderate exploitation complexity. No EPSS data is available, but the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. The attack likely requires access to the local or network interface used by the TP2CardReaderService daemon; if the service is exposed externally, remote exploitation could be feasible, whereas internal or offline access would be needed otherwise.

Generated by OpenCVE AI on June 3, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware or software update for ABB T‑MAC Plus that addresses the incorrect authorization flaw.
  • Restrict network or local access to the TP2CardReaderService daemon by configuring firewalls or network segmentation to limit traffic to trusted hosts only.
  • If possible, enforce role‑based access controls or strong authentication mechanisms on the device to prevent unauthorized command execution.



Advisories

No advisories yet.

History

Wed, 03 Jun 2026 13:30:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 11:15:00 +0000

Type: Description
Values Removed:
Values Added: Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Type: Title
Values Removed:
Values Added: Communication analysis between the Card Reader and TP2CardReaderService daemon

Type: Weaknesses
Values Removed:
Values Added: CWE-863

Type: References
Values Removed:
Values Added:

Type: Metrics
Values Removed:
Values Added: cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}
Values Added: cvssV4_0 {'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H'}



MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-06-03T12:16:24.437Z

Reserved: 2025-12-16T03:47:14.477Z

Link: CVE-2025-14774

Vulnrichment

Updated: 2026-06-03T12:14:35.520Z

NVD

Status: Received

Published: 2026-06-03T11:16:19.090

Modified: 2026-06-03T11:16:19.090

Link: CVE-2025-14774

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T13:00:13Z
