CVE-2020-10287 β€” Insufficiently Protected Credentials in Irb140

CWE-255CWE-522 β€” Insufficiently Protected Credentials3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 40.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ABB Irb140
Timeline
PublishedJul 15
Latest updateMay 24

Description

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

β–ΆCVEListV5abb/irb140unspecified

πŸ”΄Vulnerability Details

2
GHSA
GHSA-53f8-p3cp-57m5: The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals↗2022-05-24
β–Ά
CVEList
RVD#3326: Hardcoded default credentials on IRC 5 OPC Server↗2020-07-15
β–Ά
CVE-2020-10287 β€” Insufficiently Protected Credentials | cvebase