THE CISA advisory ICSA-26-146-06, released on May 26, 2026, details a vulnerability in the ABB LVS MConfig software (version <= 1.4.9.21). This issue allows an attacker with local network access to potentially retrieve sensitive information, such as passwords stored in cleartext memory. ABB recommends users update to MConfig version 1.4.9.22 to mitigate this risk. The advisory is pertinent to various critical infrastructure sectors, including energy and transportation. Additionally, CISA emphasizes taking defensive measures to protect control systems and provides guidelines for limiting network exposure.
CISA warns ABB MConfig flaw leaks cleartext passwords
CyberSIXT Evidence Panel
Primary Source
github.com
Article by CyberSIXT