CVE-2020-10288

CWE-284 — Improper Access Control CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 41.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Irb140 ABB Robotware

Timeline

PublishedJul 15

Latest updateMay 24

Description

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5abb/irb140unspecified

▶NVDabb/robotware5.09

🔴Vulnerability Details

GHSA

GHSA-q3xf-jx9c-m8c9: IRC5 exposes an ftp server (port 21)↗2022-05-24

▶

CVEList

RVD#3327: No authentication required for accesing ABB IRC5 FTP server↗2020-07-15

▶