var-201606-0257
Vulnerability from variot
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities: 1. An insecure password-hash vulnerability 2. Multiple insecure password storage vulnerabilities Successful attacks can allow a local attacker to gain unauthorized access to the application's users' password information. ABB PCM600 prior to 2.7 are vulnerable. The vulnerability is caused by the program not storing the authentication certificate correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcm600",
"scope": "eq",
"trust": 1.2,
"vendor": "abb",
"version": "2.6"
},
{
"model": "pcm600",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "2.6"
},
{
"model": "pcm600",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "2.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pcm600",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:pcm600:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issue.",
"sources": [
{
"db": "BID",
"id": "90966"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4527",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-03749",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "57220084-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-93346",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4527",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4527",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2016-03749",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-716",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-93346",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities:\n1. An insecure password-hash vulnerability\n2. Multiple insecure password storage vulnerabilities\nSuccessful attacks can allow a local attacker to gain unauthorized access to the application\u0027s users\u0027 password information. \nABB PCM600 prior to 2.7 are vulnerable. The vulnerability is caused by the program not storing the authentication certificate correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-93346"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4527",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-152-02",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03749",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2016.1375",
"trust": 0.6
},
{
"db": "BID",
"id": "90966",
"trust": 0.3
},
{
"db": "IVD",
"id": "57220084-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93346",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"id": "VAR-201606-0257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
}
]
},
"last_update_date": "2023-12-18T12:20:29.364000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Protection and Control IED Manager PCM600",
"trust": 0.8,
"url": "https://library.e.abb.com/public/2d9c28adfaa348ab91a041e507d3195b/pcm600_27_csdepl_758440_ena.pdf"
},
{
"title": "Patch for ABB PCM600 Credential Protection Vulnerability (CNVD-2016-03749)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76875"
},
{
"title": "ABB PCM600 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62024"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-152-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4527"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4527"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35270"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-02T00:00:00",
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"date": "2016-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93346"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90966"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"date": "2016-06-10T01:59:14.037000",
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"date": "2016-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"date": "2016-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-93346"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90966"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"date": "2016-06-15T18:48:01.247000",
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90966"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PCM600 Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
],
"trust": 0.8
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.