CVE-2023-1258
published 2023-03-31CVE-2023-1258: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows…
PriorityP337medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
3.88%
88.9th percentile
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abb | flow-x | < 4.0 | 4.0 |
| abb | flow-x_c_firmware | <= 3.2.6 | — |
| abb | flow-x_k_firmware | <= 3.2.6 | — |
| abb | flow-x_m_firmware | <= 3.2.6 | — |
| abb | flow-x_p_firmware | <= 3.2.6 | — |
| abb | flow-x_r_firmware | <= 3.2.6 | — |
| abb | flow-x_s_firmware | <= 3.2.6 | — |
| abb | flow-x_t_firmware | <= 3.2.6 | — |
| abb | flow-x_web_firmware | <= 3.2.6 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.htmlhttps://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launchhttp://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.htmlhttps://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch
2023-03-31
Published