7PAA023732 — Vulnetix

7PAA023732 PUBLISHED CVSS 3.5999999046325684 LOW

ABB is aware of public reports of vulnerabilities in 7-Zip version 18.5 and Microsoft Azure Data Studio version 1.32 included in the product versions listed as affected in the advisory. The vulnerability in 7-Zip can be exploited if attacker gains control over the system and extracts a malicious file using this version of 7-Zip. Otherwise, the attacker must force the user to visit malicious websites or click links and extract the package through 7-zip. Microsoft Azure Data Studio gets installed along with SQL Server Management Studio. An attacker who successfully exploits vulnerability in Microsoft Azure Data studio may compromise the security of the product by gaining privileges, reading sensitive information, executing commands, evading detection, etc. if the Authentication, Authorization and Accountability is not configured properly in the system. However, none of the products listed above uses Microsoft Azure Data Studio. Microsoft Azure Data Studio is automatically removed from the system from System 800xA 7.0 onwards. These vulnerabilities may appear when the product media is scanned. However, they can only be ex-ploited if the vulnerable software is installed on the system. For this reason, it is strongly advised to uninstall outdated or vulnerable versions of third-party software immediately.

Risk Scores

CVSS v3.1

3.5999999046325684

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	ABB Application Change Management <=6.2
	ABB 800xA for Symphony Plus Harmony <=6.2
	ABB 800xA History <=7.0
	ABB Batch Management <=6.2
	ABB 800xA for AC 870P Melody <=6.2
	ABB Production Response Batch History <=6.2

Timeline

Feb 6, 2025 PoC Published
Feb 16, 2025 PoC Published
Mar 26, 2025 PoC Published
Nov 22, 2025 PoC Published
Mar 31, 2026 CVE Published

References

Open in Interactive Console →