Executive Summary
In October 2025, ABB disclosed a path traversal vulnerability (CVE-2025-3465) in its CoreSense™ HM and CoreSense™ M10 products, affecting versions up to 2.3.1 and 1.4.1.12, respectively. This flaw allows unauthenticated users to access restricted directories, potentially leading to complete system compromise and exposure of sensitive information. ABB has released updates to address this issue and recommends that customers apply them promptly.
This incident underscores the critical importance of timely vulnerability management in industrial control systems. As cyber threats targeting critical infrastructure continue to evolve, organizations must remain vigilant and proactive in applying security patches to mitigate potential risks.
Why This Matters Now
The exploitation of vulnerabilities in industrial control systems can have severe consequences, including operational disruptions and data breaches. Ensuring that such systems are updated and secured is paramount to maintaining the integrity and reliability of critical infrastructure.
Attack Path Analysis
An attacker with local access exploited a path traversal vulnerability in ABB CoreSense devices to access restricted directories, leading to potential system compromise and exposure of sensitive information.
Kill Chain Progression
Initial Compromise
Description
An attacker with local access exploited a path traversal vulnerability in ABB CoreSense devices to access restricted directories.
Related CVEs
CVE-2025-3465
CVSS 7.1A path traversal vulnerability in ABB CoreSense™ HM and CoreSense™ M10 allows unauthenticated users to access restricted directories, potentially leading to complete system compromise and exposure of sensitive information.
Affected Products:
ABB CoreSense™ HM – <=2.3.1
ABB CoreSense™ M10 – <=1.4.1.12
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Direct Volume Access
Valid Accounts
File and Directory Discovery
Ingress Tool Transfer
Exploitation of Remote Services
Hijack Execution Flow
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Access Control
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Food Production
ABB CoreSense path traversal vulnerability threatens industrial monitoring systems critical for food safety compliance and production continuity controls.
Industrial Automation
Critical manufacturing systems face complete compromise risk from unauthenticated access enabling lateral movement and sensitive operational data exposure.
Oil/Energy/Solar/Greentech
Energy infrastructure monitoring platforms vulnerable to system compromise affecting SCADA networks and critical operational technology segmentation requirements.
Utilities
Power and water utility control systems at risk of unauthorized directory access leading to potential service disruption and regulatory violations.
Sources
- ABB CoreSense HM and CoreSense M10https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-01Verified
- ABB CoreSense™ HM and CoreSense™ M10 File Path Traversal Vulnerabilityhttps://search.abb.com/library/Download.aspx?DocumentID=3KXG200000R4801&LanguageCode=en&DocumentPartId=&Action=LaunchVerified
- NVD - CVE-2025-3465https://nvd.nist.gov/vuln/detail/CVE-2025-3465Verified
- ABB CoreSense™ M10 Release Notes – V1.4.1.32https://library.e.abb.com/public/8e3d26494e4c4becb630688dc5f4c870/3KXG165001R3401_CoreSenseM10_Release%20Notes_Rev_G%20%28SW_0048-00-3-00005-01%29.pdfVerified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it would likely limit the attacker's ability to exploit vulnerabilities, escalate privileges, and move laterally within the network, thereby reducing the potential blast radius.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit the path traversal vulnerability would likely be constrained, limiting unauthorized access to sensitive directories.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges would likely be limited, reducing unauthorized access to critical systems.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement within the network would likely be restricted, limiting access to other systems.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish and maintain command and control channels would likely be constrained, reducing persistent access.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be limited, reducing data loss.
The potential for operational disruption or data loss would likely be reduced, limiting the overall impact of the attack.
Impact at a Glance
Affected Business Functions
- System Monitoring
- Data Analysis
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of sensitive system configuration files and operational data.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict access between systems and limit lateral movement.
- • Deploy East-West Traffic Security controls to monitor and control internal network traffic.
- • Utilize Threat Detection & Anomaly Response systems to identify and respond to suspicious activities.
- • Apply Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
- • Ensure all systems are updated to the latest versions to mitigate known vulnerabilities.
