Sign-up

ID

VAR-201606-0248


CVE

CVE-2016-4511


TITLE

ABB PCM600 Vulnerability in obtaining important plaintext information

Trust: 0.8

sources: JVNDB: JVNDB-2016-003202

DESCRIPTION

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities: 1. An insecure password-hash vulnerability 2. Multiple insecure password storage vulnerabilities Successful attacks can allow a local attacker to gain unauthorized access to the application's users' password information. ABB PCM600 prior to 2.7 are vulnerable

Trust: 2.7

sources: NVD: CVE-2016-4511 // JVNDB: JVNDB-2016-003202 // CNVD: CNVD-2016-03750 // BID: 90966 // IVD: 5719c522-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-93330

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 5719c522-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03750

AFFECTED PRODUCTS

vendor:abbmodel:pcm600scope:eqversion:2.6

Trust: 1.2

vendor:abbmodel:pcm600scope:lteversion:2.6

Trust: 1.0

vendor:abbmodel:pcm600scope:ltversion:2.7

Trust: 0.8

vendor:pcm600model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 5719c522-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03750 // JVNDB: JVNDB-2016-003202 // CNNVD: CNNVD-201605-713 // NVD: CVE-2016-4511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4511
value: LOW

Trust: 1.0

NVD: CVE-2016-4511
value: LOW

Trust: 0.8

CNVD: CNVD-2016-03750
value: LOW

Trust: 0.6

CNNVD: CNNVD-201605-713
value: LOW

Trust: 0.6

IVD: 5719c522-2351-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-93330
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-4511
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03750
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5719c522-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-93330
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4511
baseSeverity: LOW
baseScore: 2.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.3
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: 5719c522-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03750 // VULHUB: VHN-93330 // JVNDB: JVNDB-2016-003202 // CNNVD: CNNVD-201605-713 // NVD: CVE-2016-4511

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-93330 // JVNDB: JVNDB-2016-003202 // NVD: CVE-2016-4511

THREAT TYPE

local

Trust: 0.9

sources: BID: 90966 // CNNVD: CNNVD-201605-713

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201605-713

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-003202

PATCH
title:Protection and Control IED Manager PCM600url:https://library.e.abb.com/public/2d9c28adfaa348ab91a041e507d3195b/PCM600_27_csdepl_758440_ENa.pdf
Trust: 0.8
title:ABB PCM600 password hash vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/76876
Trust: 0.6
title:ABB PCM600 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62021
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03750 // 
            
            
            
            JVNDB: JVNDB-2016-003202 // 
            
            
            
            CNNVD: CNNVD-201605-713

EXTERNAL IDS
db:NVDid:CVE-2016-4511
Trust: 3.6
db:ICS CERTid:ICSA-16-152-02
Trust: 3.1
db:CNNVDid:CNNVD-201605-713
Trust: 0.9
db:CNVDid:CNVD-2016-03750
Trust: 0.8
db:JVNDBid:JVNDB-2016-003202
Trust: 0.8
db:AUSCERTid:ESB-2016.1375
Trust: 0.6
db:BIDid:90966
Trust: 0.3
db:IVDid:5719C522-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-93330
Trust: 0.1
sources:
            
            
            IVD: 5719c522-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-03750 // 
            
            
            
            VULHUB: VHN-93330 // 
            
            
            
            BID: 90966 // 
            
            
            
            JVNDB: JVNDB-2016-003202 // 
            
            
            
            CNNVD: CNNVD-201605-713 // 
            
            
            
            NVD: CVE-2016-4511

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-152-02
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4511
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4511
Trust: 0.8
url:http://www.auscert.org.au/./render.html?it=35270
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03750 // 
            
            
            
            VULHUB: VHN-93330 // 
            
            
            
            JVNDB: JVNDB-2016-003202 // 
            
            
            
            CNNVD: CNNVD-201605-713 // 
            
            
            
            NVD: CVE-2016-4511

CREDITS
The vendor reported these issue.
Trust: 0.3
sources:
            
            
            BID: 90966

SOURCES
db:IVDid:5719c522-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-03750
db:VULHUBid:VHN-93330
db:BIDid:90966
db:JVNDBid:JVNDB-2016-003202
db:CNNVDid:CNNVD-201605-713
db:NVDid:CVE-2016-4511

LAST UPDATE DATE
2024-08-14T13:32:32.427000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03750date:2016-06-02T00:00:00
db:VULHUBid:VHN-93330date:2016-06-17T00:00:00
db:BIDid:90966date:2016-05-31T00:00:00
db:JVNDBid:JVNDB-2016-003202date:2016-06-27T00:00:00
db:CNNVDid:CNNVD-201605-713date:2016-06-12T00:00:00
db:NVDid:CVE-2016-4511date:2016-06-17T13:00:40.673

SOURCES RELEASE DATE
db:IVDid:5719c522-2351-11e6-abef-000c29c66e3ddate:2016-06-02T00:00:00
db:CNVDid:CNVD-2016-03750date:2016-06-02T00:00:00
db:VULHUBid:VHN-93330date:2016-06-10T00:00:00
db:BIDid:90966date:2016-05-31T00:00:00
db:JVNDBid:JVNDB-2016-003202date:2016-06-17T00:00:00
db:CNNVDid:CNNVD-201605-713date:2016-05-31T00:00:00
db:NVDid:CVE-2016-4511date:2016-06-10T01:59:11.083