CVE-2016-4511 : ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.

Published 2016-06-10 01:59:11

Updated 2016-06-17 13:00:41

Source ICS-CERT

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-4511

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-4511

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
2.8	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N	1.3	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2016-4511

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4511

https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02

ABB PCM600 Vulnerabilities | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url

Products affected by CVE-2016-4511

ABB » Pcm600
Versions up to, including, (<=) 2.6
cpe:2.3:a:abb:pcm600:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-4511

Exploit prediction scoring system (EPSS) score for CVE-2016-4511

CVSS scores for CVE-2016-4511

CWE ids for CVE-2016-4511

References for CVE-2016-4511

Products affected by CVE-2016-4511