CVE-2020-10287

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/aliasrobotics/RVD/issues/3326	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:abb:irb140_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:abb:irc5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-15 23:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-10287

Mitre link : CVE-2020-10287

CVE.ORG link : CVE-2020-10287

JSON object : View

Products Affected

abb

irb140
irc5_firmware
irc5
irb140_firmware

CWE

CWE-522

Insufficiently Protected Credentials

CWE-255

Credentials Management Errors

{"id": "CVE-2020-10287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-07-15T23:15:11.283", "references": [{"url": "https://github.com/aliasrobotics/RVD/issues/3326", "tags": ["Third Party Advisory"], "source": "cve@aliasrobotics.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them)."}, {"lang": "es", "value": "La familia IRC5 con servicio UAS habilitado viene por defecto con credenciales que se pueden encontrar en los manuales disponibles p\u00fablicamente. ABB considera que esta es una funcionalidad bien documentada que ayuda al cliente a configurar, sin embargo, a partir de nuestra investigaci\u00f3n, encontramos m\u00faltiples sistemas de producci\u00f3n que ejecutan estas credenciales predeterminadas exactas y consideramos que es una exposici\u00f3n que debe ser mitigada. Adem\u00e1s, las implementaciones futuras deber\u00edan considerar que estos valores predeterminados deber\u00edan estar prohibidos (el usuario deber\u00eda verse forzado a cambiarlos)"}], "lastModified": "2020-07-24T14:31:51.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:irb140_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D490DBD-AF3C-46EF-8CA0-6C113C7FF3A8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A6784E9-6C10-4DC4-8CDB-091EFF88BD2F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:irc5_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23C8161D-E950-45DC-B8D8-D34B161B4C5C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB3C36DB-C7BB-4EB2-AE54-CE72067D1592"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@aliasrobotics.com"}