ID

VAR-201606-0257


CVE

CVE-2016-4527


TITLE

ABB PCM600 Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-003170

DESCRIPTION

ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities: 1. An insecure password-hash vulnerability 2. Multiple insecure password storage vulnerabilities Successful attacks can allow a local attacker to gain unauthorized access to the application's users' password information. ABB PCM600 prior to 2.7 are vulnerable. The vulnerability is caused by the program not storing the authentication certificate correctly

Trust: 2.7

sources: NVD: CVE-2016-4527 // JVNDB: JVNDB-2016-003170 // CNVD: CNVD-2016-03749 // BID: 90966 // IVD: 57220084-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-93346

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749

AFFECTED PRODUCTS

vendor:abbmodel:pcm600scope:eqversion:2.6

Trust: 1.2

vendor:abbmodel:pcm600scope:lteversion:2.6

Trust: 1.0

vendor:abbmodel:pcm600scope:ltversion:2.7

Trust: 0.8

vendor:pcm600model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716 // NVD: CVE-2016-4527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4527
value: LOW

Trust: 1.0

NVD: CVE-2016-4527
value: LOW

Trust: 0.8

CNVD: CNVD-2016-03749
value: LOW

Trust: 0.6

CNNVD: CNNVD-201605-716
value: LOW

Trust: 0.6

IVD: 57220084-2351-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-93346
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-4527
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03749
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 57220084-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-93346
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4527
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749 // VULHUB: VHN-93346 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716 // NVD: CVE-2016-4527

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-93346 // JVNDB: JVNDB-2016-003170 // NVD: CVE-2016-4527

THREAT TYPE

local

Trust: 0.9

sources: BID: 90966 // CNNVD: CNNVD-201605-716

TYPE

Trust management

Trust: 0.8

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-716

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003170

PATCH

title:Protection and Control IED Manager PCM600url:https://library.e.abb.com/public/2d9c28adfaa348ab91a041e507d3195b/PCM600_27_csdepl_758440_ENa.pdf

Trust: 0.8

title:Patch for ABB PCM600 Credential Protection Vulnerability (CNVD-2016-03749)url:https://www.cnvd.org.cn/patchInfo/show/76875

Trust: 0.6

title:ABB PCM600 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62024

Trust: 0.6

sources: CNVD: CNVD-2016-03749 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716

EXTERNAL IDS

db:NVDid:CVE-2016-4527

Trust: 3.6

db:ICS CERTid:ICSA-16-152-02

Trust: 3.1

db:CNNVDid:CNNVD-201605-716

Trust: 0.9

db:CNVDid:CNVD-2016-03749

Trust: 0.8

db:JVNDBid:JVNDB-2016-003170

Trust: 0.8

db:AUSCERTid:ESB-2016.1375

Trust: 0.6

db:BIDid:90966

Trust: 0.3

db:IVDid:57220084-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-93346

Trust: 0.1

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749 // VULHUB: VHN-93346 // BID: 90966 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716 // NVD: CVE-2016-4527

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-152-02

Trust: 3.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4527

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4527

Trust: 0.8

url:http://www.auscert.org.au/./render.html?it=35270

Trust: 0.6

sources: CNVD: CNVD-2016-03749 // VULHUB: VHN-93346 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716 // NVD: CVE-2016-4527

CREDITS

The vendor reported these issue.

Trust: 0.3

sources: BID: 90966

SOURCES

db:IVDid:57220084-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-03749
db:VULHUBid:VHN-93346
db:BIDid:90966
db:JVNDBid:JVNDB-2016-003170
db:CNNVDid:CNNVD-201605-716
db:NVDid:CVE-2016-4527

LAST UPDATE DATE

2024-08-14T13:32:32.552000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-03749date:2016-06-02T00:00:00
db:VULHUBid:VHN-93346date:2016-06-15T00:00:00
db:BIDid:90966date:2016-05-31T00:00:00
db:JVNDBid:JVNDB-2016-003170date:2016-06-16T00:00:00
db:CNNVDid:CNNVD-201605-716date:2016-06-12T00:00:00
db:NVDid:CVE-2016-4527date:2016-06-15T18:48:01.247

SOURCES RELEASE DATE

db:IVDid:57220084-2351-11e6-abef-000c29c66e3ddate:2016-06-02T00:00:00
db:CNVDid:CNVD-2016-03749date:2016-06-02T00:00:00
db:VULHUBid:VHN-93346date:2016-06-10T00:00:00
db:BIDid:90966date:2016-05-31T00:00:00
db:JVNDBid:JVNDB-2016-003170date:2016-06-16T00:00:00
db:CNNVDid:CNNVD-201605-716date:2016-05-31T00:00:00
db:NVDid:CVE-2016-4527date:2016-06-10T01:59:14.037