ByteOS Network

Vulnerability Details :

CVE-2025-13162

Assigner-ABB

Assigner Org ID-2b718523-d88f-4f37-9bbd-300c20644bf9

Published At-23 Jun, 2026 | 16:12

Updated At-23 Jun, 2026 | 17:21

Advant Master Online Builder DLL vulnerability

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:ABB

Assigner Org ID:2b718523-d88f-4f37-9bbd-300c20644bf9

Published At:23 Jun, 2026 | 16:12

Updated At:23 Jun, 2026 | 17:21

▼CVE Numbering Authority (CNA)

Advant Master Online Builder DLL vulnerability

Affected Products

Vendor

ABB

Product

Control Builder A

Default Status

unaffected

Versions

Affected

From 0 through 1.4/4 (custom)

Vendor

ABB

Product

800xA for Advant Master

Default Status

unaffected

Versions

Affected

From 0 through 6.0.3-1 (custom)
From 0 through 6.1.1-1 (custom)
6.1.1-3 (custom)
6.2.0-1 (custom)

Unaffected

6.1.1-2 (custom)
6.1.1-4 (custom)
6.2.0-2 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-427	CWE-427 Uncontrolled Search Path Element

Type: CWE

CWE ID: CWE-427

Description: CWE-427 Uncontrolled Search Path Element

Metrics

Version	Base score	Base severity	Vector
3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
4.0	4.1	MEDIUM	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Version: 4.0

Base score: 4.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch	N/A

Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cybersecurity@ch.abb.com

Published At:23 Jun, 2026 | 17:16

Updated At:23 Jun, 2026 | 18:17

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.1	MEDIUM	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
			N/A

Type: Secondary

Version: 4.0

Base score: 4.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Type: N/A

Version:

Base score:

Base severity: N/A

Vector:

Weaknesses

CWE ID	Type	Source
CWE-427	Secondary	cybersecurity@ch.abb.com

CWE ID: CWE-427

Type: Secondary

Source: cybersecurity@ch.abb.com

References

Hyperlink	Source	Resource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch	cybersecurity@ch.abb.com	N/A

Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@ch.abb.com

Resource: N/A

Similar CVEs

2Records found

CVE-2024-13946

Matching Score-6

Assigner-Asea Brown Boveri Ltd. (ABB)

View Details

Matching Score-6

Assigner-Asea Brown Boveri Ltd. (ABB)

CVSS Score-7.1||HIGH

EPSS-0.98% / 57.52%

7 Day CHG~0.00%

Published-22 May, 2025 | 18:09

Updated-23 May, 2025 | 15:54

Binary Planting / LoadLibrary DLL's not Signed

DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

Vendor-ABB

Product-ASPECT-Enterprise MATRIX Series NEXUS Series

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2020-5324

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-7.1||HIGH

EPSS-0.25% / 16.27%

7 Day CHG~0.00%

Published-21 Feb, 2020 | 14:50

Updated-17 Sep, 2024 | 02:16

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Vendor-Dell Inc.

CWE ID-CWE-427

Uncontrolled Search Path Element

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2025-13162

Credits

Advant Master Online Builder DLL vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs