VAR-201606-0257
Vulnerability from variot - Updated: 2023-12-18 12:20ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities: 1. An insecure password-hash vulnerability 2. Multiple insecure password storage vulnerabilities Successful attacks can allow a local attacker to gain unauthorized access to the application's users' password information. ABB PCM600 prior to 2.7 are vulnerable. The vulnerability is caused by the program not storing the authentication certificate correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcm600",
"scope": "eq",
"trust": 1.2,
"vendor": "abb",
"version": "2.6"
},
{
"model": "pcm600",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "2.6"
},
{
"model": "pcm600",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "2.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pcm600",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:pcm600:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4527"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issue.",
"sources": [
{
"db": "BID",
"id": "90966"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4527",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-03749",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "57220084-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-93346",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4527",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4527",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2016-03749",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-716",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-93346",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities:\n1. An insecure password-hash vulnerability\n2. Multiple insecure password storage vulnerabilities\nSuccessful attacks can allow a local attacker to gain unauthorized access to the application\u0027s users\u0027 password information. \nABB PCM600 prior to 2.7 are vulnerable. The vulnerability is caused by the program not storing the authentication certificate correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-93346"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4527",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-152-02",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03749",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2016.1375",
"trust": 0.6
},
{
"db": "BID",
"id": "90966",
"trust": 0.3
},
{
"db": "IVD",
"id": "57220084-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93346",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"id": "VAR-201606-0257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
}
]
},
"last_update_date": "2023-12-18T12:20:29.364000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Protection and Control IED Manager PCM600",
"trust": 0.8,
"url": "https://library.e.abb.com/public/2d9c28adfaa348ab91a041e507d3195b/pcm600_27_csdepl_758440_ena.pdf"
},
{
"title": "Patch for ABB PCM600 Credential Protection Vulnerability (CNVD-2016-03749)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76875"
},
{
"title": "ABB PCM600 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62024"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-152-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4527"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4527"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35270"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"db": "VULHUB",
"id": "VHN-93346"
},
{
"db": "BID",
"id": "90966"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-02T00:00:00",
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"date": "2016-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-93346"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90966"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"date": "2016-06-10T01:59:14.037000",
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"date": "2016-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03749"
},
{
"date": "2016-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-93346"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90966"
},
{
"date": "2016-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003170"
},
{
"date": "2016-06-15T18:48:01.247000",
"db": "NVD",
"id": "CVE-2016-4527"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90966"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PCM600 Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "57220084-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-716"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…