CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10287 – RVD#3326: Hardcoded default credentials on IRC 5 OPC Server
https://notcve.org/view.php?id=CVE-2020-10287
15 Jul 2020 — The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them). La familia IRC... • https://github.com/aliasrobotics/RVD/issues/3326 • CWE-255: Credentials Management Errors CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10288 – RVD#3327: No authentication required for accesing ABB IRC5 FTP server
https://notcve.org/view.php?id=CVE-2020-10288
15 Jul 2020 — IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. IRC5 expone un servidor ftp (puerto 21). Al intentar conseguir acceso, se le solicita una petición de nombre de usuario y contraseña, sin embargo, puede ingresar lo que desee. • https://github.com/aliasrobotics/RVD/issues/3327 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8482 – ABB Device Library Wizard Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8482
29 May 2020 — Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data Un almacenamiento no seguro de información confidencial en las versiones 6.0.X, 6.0.3.1 y 6.0.3.2 de ABB Device Library Wizard, permite a un usuario no autenticado con pocos privilegios leer archivos que contienen datos confidenciales. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8489 – ABB System 800xA Inter process communication vulnerability - 800xA Information Management
https://notcve.org/view.php?id=CVE-2020-8489
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA Information Management (todas las versiones publicadas), permite a un atacante autentica... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8488 – ABB System 800xA Inter process communication vulnerability - 800xA Batch Management
https://notcve.org/view.php?id=CVE-2020-8488
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA Batch Management (todas las versiones publicadas), permite a un atacante autenticado en el sistema local inyectar datos... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8487 – ABB System 800xA Inter process communication vulnerability - System 800xA Base
https://notcve.org/view.php?id=CVE-2020-8487
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA Base (todas las versiones publicadas), permite a un atacante autenticado en el sistema local inyectar datos, afectando al manejo de la redundancia de nodos. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8486 – ABB System 800xA Inter process communication vulnerability - 800xA RNRP
https://notcve.org/view.php?id=CVE-2020-8486
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA RNRP (todas las versiones publicadas), permite a un atacante autentificado en el sistema local inyectar datos, afectando al manejo de la redundancia de nodos. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8485 – ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
https://notcve.org/view.php?id=CVE-2020-8485
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA para MOD 300 (todas las versiones publicadas), permite a un atacante autentificado en el sistema local inyectar datos, permitiendo leer y ... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8484 – ABB System 800xA Inter process communication vulnerability - 800xA for DCI
https://notcve.org/view.php?id=CVE-2020-8484
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA para DCI (todas las versiones publicadas), permite a un atacante autentificado en el sistema local inyectar datos, permitiendo leer y escribir... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8478 – ABB System 800xA Inter process communication vulnerability
https://notcve.org/view.php?id=CVE-2020-8478
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. Una protección insuficiente de las funciones de comunicación entre procesos en los productos OPC Server para AC 800M, MMS Server para AC 800M y Base Software para SoftCon... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-264: Permissions, Privileges, and Access Controls •