Impact
The vulnerability is an authentication bypass flaw in ABB Freelance that allows an attacker to gain unauthorized access to the Windows operating system. This primary weakness can enable an attacker to execute actions with the privileges of the affected user or system account, compromising the confidentiality, integrity, and availability of the system. The flaw arises from a failure to enforce proper authentication checks. The associated CWE identifier is CWE-305.
Affected Systems
The flaw affects ABB Freelance versions through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. Systems running any of these releases are potentially susceptible to the authentication bypass.
Risk and Exploitability
The CVSS score is 5.6, indicating moderate severity and reflecting the risk of unauthorized access. EPSS data is not available, so the current exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, which suggests that there is no publicly known exploitation in the wild. Based on the nature of the flaw, the likely attack vector is remote: an attacker could target the Freelance service over the network if it is exposed. If the service is reachable, the vulnerability could be leveraged to bypass authentication controls and gain unauthorized access to the Windows OS.