Information disclosure in ABB FOX515T

Published: 2017-11-01 15:15:19
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVSSv2: 4.2 (AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:C)
CVSSv3: 4.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE ID: CVE-2017-14025
CWE ID: CWE-20
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: FOX515T
Vulnerable software versions: FOX515T 1.0
Vendor URL: ABB
Advisory type: Public

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can provide a malicious parameter to the script and retrieve any file on the server.

Remediation

Cybersecurity is currently unaware of any solutions addressing the vulnerability.

External links

http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW028693&LanguageCode=en&am...
