CVE-2020-10288
RVD#3327: No authentication required for accesing ABB IRC5 FTP server
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
IRC5 expone un servidor ftp (puerto 21). Al intentar conseguir acceso, se le solicita una petición de nombre de usuario y contraseña, sin embargo, puede ingresar lo que desee. Mientras el campo no esté vacío, será aceptado
*Credits:
Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-10 CVE Reserved
- 2020-07-15 CVE Published
- 2023-03-31 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/aliasrobotics/RVD/issues/3327 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Abb Search vendor "Abb" | Robotware Search vendor "Abb" for product "Robotware" | 5.09 Search vendor "Abb" for product "Robotware" and version "5.09" | - |
Affected
| in | Abb Search vendor "Abb" | Irb140 Search vendor "Abb" for product "Irb140" | - | - |
Safe
|
| Abb Search vendor "Abb" | Robotware Search vendor "Abb" for product "Robotware" | 5.09 Search vendor "Abb" for product "Robotware" and version "5.09" | - |
Affected
| in | Abb Search vendor "Abb" | Irc5 Search vendor "Abb" for product "Irc5" | - | - |
Safe
|
| Abb Search vendor "Abb" | Robotware Search vendor "Abb" for product "Robotware" | 5.09 Search vendor "Abb" for product "Robotware" and version "5.09" | - |
Affected
| in | Windriver Search vendor "Windriver" | Vxworks Search vendor "Windriver" for product "Vxworks" | 5.5.1 Search vendor "Windriver" for product "Vxworks" and version "5.5.1" | - |
Safe
|