CRITICAL🇵🇱 Wersja polska

CVE-2020-10287

CVSS 9.8v3.1pub. 2020-07-15upd. 2024-11-21

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Abb Irb140

    HW
    Abb
    wszystkie wersje
  • Abb Irb140 Firmware

    OS
    Abb
    wszystkie wersje
  • Abb Irc5

    HW
    Abb
    wszystkie wersje
  • Abb Irc5 Firmware

    OS
    Abb
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-10288CRITICAL9.8ten sam produkt

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of user...

CVE-2024-1913HIGH7.6ten sam produkt

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot co...

CVE-2024-1914MEDIUM6.5ten sam produkt

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot con...

CVE-2024-51547CRITICAL9.3PL ✓ten sam vendor

Zakodowane na stałe dane uwierzytelniające w urządzeniach ABB ASPECT/NEXUS/MATRIX

CVE-2024-11317CRITICAL9.3PL ✓ten sam vendor

Session Fixation w ABB ASPECT i NEXUS/MATRIX Series — przejęcie sesji użytkownika