CVE-2023-1258
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | Flow-X | 0 < 4.0 | affected |
Weaknesses
- CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Workarounds
To minimize the risk of unauthorized access to sensitive information, ABB recommends to only operate Flow-X flow computers in secure networks. Additionally, ABB recommends that HTTPS is used to communicate with the Flow-X web server. HTTPS support has been implemented since version 1.2.2 (available as of June 2016) and is enabled by default since version 3.2.0 (available as of September 2020). To minimize the risk of exposed security information on one device leading to unauthorized access on other devices, ABB recommends that customers change the usernames and passwords that are part of the standard application and to use different usernames and password on different devices
ADP Enrichment
CVE Program Container
Additional References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch
- http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch
- http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.