CVE-2025-13162 | Uncontrolled Search Path Element vulnerability in ABB Contro… | CVSS 4.4 MEDIUM

Description

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.

Metadata

CVE ID: CVE-2025-13162
State: PUBLISHED
Assigner: ABB
Reserved: 2025-11-14 03:20 UTC
Published: 2026-06-23 16:12 UTC
Last updated: 2026-06-23 17:21 UTC
Primary CWE: CWE-427
CWE-427 Uncontrolled Search Path Element
Vendor / Product: ABB / Control Builder A
Sources: cve.org · NVD

Severity & Metrics

4.4 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
ABB	800xA for Advant Master	—	0 ≤ 6.0.3-1, 0 ≤ 6.1.1-1, 6.1.1-3, 6.2.0-1 …
ABB	Control Builder A	—	0 ≤ 1.4/4

Weakness (CWE)

CWE	Source	Description
CWE-427	cna	CWE-427 Uncontrolled Search Path Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
4.4	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
4.1	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References (1)

https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch