HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Memory Dump Vulnerability (CVE‑2025‑9970) in ABB LVS MConfig Exposes Plaintext Credentials

ABB LVS MConfig versions ≤ 1.4.9.21 allow an attacker on the local network to export a memory dump containing clear‑text passwords. The CVSS 7.4 rating makes this a high‑severity risk for critical‑infrastructure operators and their supply‑chain partners.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical Memory Dump Vulnerability (CVE‑2025‑9970) in ABB LVS MConfig Exposes Plaintext Credentials

What It Is – ABB disclosed a vulnerability (CVE‑2025‑9970) in its LVS MConfig software that allows an attacker with local‑network access to trigger a memory‑dump export. Plain‑text passwords stored in RAM are written to the dump file, creating a clear‑text credential leak.

Exploitability – The flaw is actively exploitable on any system running MConfig ≤ 1.4.9.21. No public exploit code is required; an attacker merely needs to invoke the dump routine. CVSS v3.1 base score 7.4 (High).

Affected Products – ABB LVS MConfig versions ≤ 1.4.9.21 (global deployments across chemical, manufacturing, energy, food & agriculture, transportation, water & wastewater).

TPRM Impact

  • Third‑party sites that integrate ABB LVS MConfig into their OT environment inherit the risk of credential exposure, potentially enabling lateral movement into critical control systems.
  • Supply‑chain partners may receive leaked service‑account passwords, compromising downstream vendors and customers.

Recommended Actions

  • Patch immediately – Deploy ABB’s fixed version (≥ 1.4.9.22) across all OT sites.
  • Validate password handling – Ensure no clear‑text passwords are retained in memory; adopt secure credential stores or vaults.
  • Restrict dump functionality – Disable or limit the memory‑dump feature on production systems.
  • Monitor for anomalous dump files – Deploy file‑integrity monitoring on directories where dump files could be written.
  • Review network segmentation – Confirm that only authorized management subnets can reach MConfig hosts.

Source: CISA Advisory – ICSA‑26‑146‑06

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-06

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →