Open
Description
{
"id": 40,
"title": "RVD#40: Previous firmware revisions to 11.2s2 are vulnerable to authentication bypass",
"type": "vulnerability",
"description": "After analyzing ABB\u2019s Service Box device in a black box fashion and discovered a severe authentication-bypass vulnerability that allows an attacker to read the configuration and some device information (e.g., event logs) without knowing the administrator password. This vulnerability was disclosed to the vendor (through ABB), which fixed the issue in the latest firmware revision (11.2s2).## Credits to Federico Maggi, Trend Micro Forward-Looking Threat Research, Davide Quarta, Marcello Pogliani, Mario Polino, Andrea M. Zanchettin, and Stefano Zanero, Politecnico di Milano",
"cwe": "CWE-Improper Authentication - Generic (CWE-287)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: ABB's Service Box",
"severity: high",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "ABB's Service Box",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/40"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/40",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}