← Back to home
ICSA-25-140-01  ·  Published 2025-05-20  ·  View on CISA ICS-CERT ↗

ABUP IoT Cloud Platform

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized.

CVEs (1)

Remediations

  • ABUP did not respond to CISA's request for coordination.
  • The vulnerable method has been removed by the vendor and is no longer accessible. Users of the cloud platform do not need to take any action. Legitimate users of the cloud update platform should be aware that there was a period of exposure that ended on 19 April 2025 and should consider modifying authentication information.

Affected Vendors

ABUP

Affected Products (1)

ABUP · ABUP IoT Cloud Platform vers:all/*

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more