CVE-2024-9877 in ANCinfo

Summary

by MITRE • 04/30/2025

Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.


Analysis

by VulDB Data Team • 04/30/2025

The vulnerability identified as CVE-2024-9877 represents a critical security flaw in ABB's ANC series of industrial control systems including ANC, ANC-L, and ANC-mini devices. This weakness stems from the improper handling of sensitive information within HTTP GET requests, where confidential data is transmitted through query parameters that are visible in web server logs, browser history, and network traffic monitoring tools. The affected versions through 1.1.4 demonstrate a fundamental failure in secure communication practices, where authentication tokens, session identifiers, and potentially sensitive operational parameters are exposed through the URL structure rather than being properly encapsulated within POST requests or other secure transmission mechanisms.

The technical implementation of this vulnerability aligns with CWE-200, which specifically addresses improper exposure of sensitive information, and CWE-312, concerning exposure of sensitive data through cleartext transmission. The flaw manifests when the system processes GET requests that contain sensitive query strings, creating a persistent exposure vector where attackers can capture and analyze network traffic to extract confidential information. This vulnerability directly violates security best practices outlined in NIST SP 800-53 and ISO 27001 controls related to secure communication and access control, as it allows unauthorized parties to obtain sensitive data through simple network monitoring techniques.

The operational impact of this vulnerability extends beyond simple information disclosure, as it creates potential attack vectors for more sophisticated exploitation. An attacker with network access can capture these GET requests through packet sniffing, proxy interception, or server log analysis, potentially gaining access to authentication credentials, operational parameters, or other sensitive data that could be used for privilege escalation or system compromise. The exposure of sensitive query strings in the URL structure creates a persistent threat that remains active as long as the vulnerable devices are operational, making it particularly dangerous in industrial environments where continuous monitoring and long-term operation are standard practices. This vulnerability also creates challenges for compliance with regulatory frameworks such as NERC CIP standards that require protection of critical infrastructure data.

Mitigation strategies for CVE-2024-9877 should prioritize immediate implementation of secure communication protocols that eliminate the use of sensitive data in URL query strings. Organizations must implement proper input validation and output encoding to prevent sensitive information from being transmitted through GET requests, while also ensuring that all authentication and session management occurs through secure POST requests or other appropriate secure transmission methods. Network administrators should deploy traffic monitoring solutions that can detect and alert on suspicious GET request patterns containing sensitive data, and implement proper log management practices that prevent sensitive information from being stored in accessible locations. The remediation process should include firmware updates from ABB addressing the specific implementation flaw, along with comprehensive network security reviews to identify and eliminate similar vulnerabilities throughout the industrial control system infrastructure. Additionally, security teams should implement proper access controls and network segmentation to limit exposure of these vulnerable systems to unauthorized network access, while also establishing monitoring procedures that can detect and respond to potential exploitation attempts targeting this specific vulnerability pattern.
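
The log-review part of this mitigation can be sketched as follows. This is an added example, not code from VulDB or ABB: it scans access-log lines for GET requests that carry sensitive-looking query parameters and emits a redacted copy of each URL. The parameter names, URL paths and log lines are constructed assumptions, since the advisory does not list the parameters the ANC devices use.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the advisory does not say which ones ANC exposes.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "session",
                  "sessionid", "apikey", "secret"}

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def sensitive_params(target):
    """Return the query parameter names in target that look sensitive."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [k for k, _ in pairs if k.lower() in SENSITIVE_KEYS]

def redact(target):
    """Return target with the values of sensitive parameters replaced."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(lines):
    """Yield findings as (line number, sensitive keys, redacted target)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue  # POST bodies are not written to the access log
        keys = sensitive_params(m.group("target"))
        if keys:
            findings.append((lineno, keys, redact(m.group("target"))))
    return findings

# Constructed sample log lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Apr/2025:10:00:01 +0000] "GET /login?user=operator&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.10 - - [30/Apr/2025:10:00:05 +0000] "GET /status?unit=3 HTTP/1.1" 200 128',
    '192.0.2.11 - - [30/Apr/2025:10:00:09 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.12 - - [30/Apr/2025:10:00:12 +0000] "GET /config?Token=abc123&view=net HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, keys, safe in scan(SAMPLE_LOG):
        print(f"line {lineno}: sensitive keys {keys} -> {safe}")
```

The same `redact` function can be applied before logs are shipped to a central store, so that values already captured in URLs are not copied further.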

Responsible

ABB

Reservation

10/11/2024

Disclosure

04/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00180

KEV

no

Activities

very low
