Critical Memory Dump Vulnerability (CVE‑2025‑9970) in ABB LVS MConfig Exposes Plaintext Credentials
What It Is – ABB disclosed a vulnerability (CVE‑2025‑9970) in its LVS MConfig software that allows an attacker with local‑network access to trigger a memory‑dump export. Plain‑text passwords stored in RAM are written to the dump file, creating a clear‑text credential leak.
Exploitability – The flaw is actively exploitable on any system running MConfig ≤ 1.4.9.21. No public exploit code is required; an attacker merely needs to invoke the dump routine. CVSS v3.1 base score 7.4 (High).
Affected Products – ABB LVS MConfig versions ≤ 1.4.9.21 (global deployments across chemical, manufacturing, energy, food & agriculture, transportation, water & wastewater).
TPRM Impact –
- Third‑party sites that integrate ABB LVS MConfig into their OT environment inherit the risk of credential exposure, potentially enabling lateral movement into critical control systems.
- Supply‑chain partners may receive leaked service‑account passwords, compromising downstream vendors and customers.
Recommended Actions –
- Patch immediately – Deploy ABB’s fixed version (≥ 1.4.9.22) across all OT sites.
- Validate password handling – Ensure no clear‑text passwords are retained in memory; adopt secure credential stores or vaults.
- Restrict dump functionality – Disable or limit the memory‑dump feature on production systems.
- Monitor for anomalous dump files – Deploy file‑integrity monitoring on directories where dump files could be written.
- Review network segmentation – Confirm that only authorized management subnets can reach MConfig hosts.
Source: CISA Advisory – ICSA‑26‑146‑06