CVE-2023-1258
Flow-X disclosure of sensitive information to unauthenticated users
Severity Score: 5.3 (CVSS v3.1)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting. This issue affects Flow-X: before 4.0.
ABB FlowX version 4.00 suffers from a sensitive information exposure vulnerability.
*Credits:
ABB would like to thank the following for working with us to help protect customers: Paul Smith of SCADAfence for reporting this vulnerability following coordinated disclosure.
Timeline
- 2023-03-07 CVE Reserved
- 2023-03-31 CVE Published
- 2023-07-19 First Exploit
- 2024-08-02 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
- CAPEC-169: Footprinting
References (3)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/51603 | 2023-07-19 | |
http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html | 2024-08-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Abb | Flow-x/m Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/m | - | - | Safe |
Abb | Flow-x/c Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/c | - | - | Safe |
Abb | Flow-x/k Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/k | - | - | Safe |
Abb | Flow-x/s Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/s | - | - | Safe |
Abb | Flow-x/p Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/p | - | - | Safe |
Abb | Flow-x R Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x R | - | - | Safe |
Abb | Flow-x/t Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/t | - | - | Safe |
Abb | Flow-x/web Firmware | <= 3.2.6 | - | Affected | in | Abb | Flow-x/web | - | - | Safe |