var-201606-0255
Vulnerability from variot
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlLocal users may get important information. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities: 1. An insecure password-hash vulnerability 2. Multiple insecure password storage vulnerabilities Successful attacks can allow a local attacker to gain unauthorized access to the application's users' password information. ABB PCM600 prior to 2.7 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcm600",
"scope": "eq",
"trust": 1.2,
"vendor": "abb",
"version": "2.6"
},
{
"model": "pcm600",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "2.6"
},
{
"model": "pcm600",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "2.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pcm600",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:pcm600:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issue.",
"sources": [
{
"db": "BID",
"id": "90966"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4524",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-03752",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "57244dda-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-93343",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4524",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4524",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03752",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-715",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-93343",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "VULHUB",
"id": "VHN-93343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlLocal users may get important information. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities:\n1. An insecure password-hash vulnerability\n2. Multiple insecure password storage vulnerabilities\nSuccessful attacks can allow a local attacker to gain unauthorized access to the application\u0027s users\u0027 password information. \nABB PCM600 prior to 2.7 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-93343"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4524",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-152-02",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03752",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2016.1375",
"trust": 0.6
},
{
"db": "BID",
"id": "90966",
"trust": 0.3
},
{
"db": "IVD",
"id": "57244DDA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93343",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "VULHUB",
"id": "VHN-93343"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"id": "VAR-201606-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "VULHUB",
"id": "VHN-93343"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
}
]
},
"last_update_date": "2023-12-18T12:20:29.400000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Protection and Control IED Manager PCM600",
"trust": 0.8,
"url": "https://library.e.abb.com/public/2d9c28adfaa348ab91a041e507d3195b/pcm600_27_csdepl_758440_ena.pdf"
},
{
"title": "Patch for ABB PCM600 Credential Protection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76873"
},
{
"title": "ABB PCM600 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62023"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "NVD",
"id": "CVE-2016-4524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-152-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4524"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4524"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35270"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "VULHUB",
"id": "VHN-93343"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"db": "VULHUB",
"id": "VHN-93343"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-02T00:00:00",
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"date": "2016-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93343"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90966"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"date": "2016-06-10T01:59:13.037000",
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"date": "2016-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03752"
},
{
"date": "2016-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-93343"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90966"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003169"
},
{
"date": "2016-06-15T18:48:34.953000",
"db": "NVD",
"id": "CVE-2016-4524"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90966"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PCM600 Credential Protection Vulnerability",
"sources": [
{
"db": "IVD",
"id": "57244dda-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03752"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-715"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.