ABB EIBPORT Vulnerability Allows Unauthorized Configuration Access via Web Sessions

Threat: Vulnerability

Targeted Region: Global

Targeted Sector: Technology & IT

Criticality: High

[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

A session management vulnerability has been CVE-2024-13967 identified in EIBPORT products used in building automation systems, which could allow unauthorized access to sensitive configuration pages through a session fixation attack. This flaw affects firmware versions up to on both LAN and GSM-enabled models, stemming from improper handling of web session identifiers that fail to maintain secure session management. Although not remotely exploitable under standard configurations, exposure of the device’s IP address to the Internet can enable attackers to bypass authentication, gain control over system settings, and alter device behavior. It requires immediate firmware upgrade to version which improves login credential verification, session token handling, and overall product hardening. It is urged to apply the update and follow recommended security practices to mitigate potential risks. The vulnerability has a CVSS score of 8.8.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

RECOMMENDATION:

We strongly recommend you update ABB EIBPORT to version 3.9.9 or later.

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/critical-abb-eibport-flaw-update-now-to-prevent-building-automation-hijacks/

[/emaillocker]

Recent Advisories

DragonForce Ransomware Covers Masking Link Transfers Over Authorized Teams Exchanges

June 17, 2026

OptinMonster Supply Chain Attack Delivers WordPress Backdoors

June 17, 2026

Device Code Phishing Campaign Targets Microsoft 365 Users

June 17, 2026

UNC3753 Expands Targeted Campaign Against U.S. Legal Organizations

June 17, 2026

ABB EIBPORT Vulnerability Allows Unauthorized Configuration Access via Web Sessions

Recent Advisories

Report an Incident