Sign-up

ID

VAR-201606-0257


CVE

CVE-2016-4527


TITLE

ABB PCM600 Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-003170

DESCRIPTION

ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. ABB PCM600 is a protection and control IED manager for the energy industry. A local attacker could exploit this vulnerability to access affected devices. ABB PCM600 is prone to following security vulnerabilities: 1. An insecure password-hash vulnerability 2. Multiple insecure password storage vulnerabilities Successful attacks can allow a local attacker to gain unauthorized access to the application's users' password information. ABB PCM600 prior to 2.7 are vulnerable. The vulnerability is caused by the program not storing the authentication certificate correctly

Trust: 2.7

sources: NVD: CVE-2016-4527 // JVNDB: JVNDB-2016-003170 // CNVD: CNVD-2016-03749 // BID: 90966 // IVD: 57220084-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-93346

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749

AFFECTED PRODUCTS

vendor:abbmodel:pcm600scope:eqversion:2.6

Trust: 1.2

vendor:abbmodel:pcm600scope:lteversion:2.6

Trust: 1.0

vendor:abbmodel:pcm600scope:ltversion:2.7

Trust: 0.8

vendor:pcm600model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716 // NVD: CVE-2016-4527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4527
value: LOW

Trust: 1.0

NVD: CVE-2016-4527
value: LOW

Trust: 0.8

CNVD: CNVD-2016-03749
value: LOW

Trust: 0.6

CNNVD: CNNVD-201605-716
value: LOW

Trust: 0.6

IVD: 57220084-2351-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-93346
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-4527
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03749
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 57220084-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-93346
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4527
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-03749 // VULHUB: VHN-93346 // JVNDB: JVNDB-2016-003170 // CNNVD: CNNVD-201605-716 // NVD: CVE-2016-4527

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-93346 // JVNDB: JVNDB-2016-003170 // NVD: CVE-2016-4527

THREAT TYPE

local

Trust: 0.9

sources: BID: 90966 // CNNVD: CNNVD-201605-716

TYPE

Trust management

Trust: 0.8

sources: IVD: 57220084-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201605-716

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-003170

PATCH
title:Protection and Control IED Manager PCM600url:https://library.e.abb.com/public/2d9c28adfaa348ab91a041e507d3195b/PCM600_27_csdepl_758440_ENa.pdf
Trust: 0.8
title:Patch for ABB PCM600 Credential Protection Vulnerability (CNVD-2016-03749)url:https://www.cnvd.org.cn/patchInfo/show/76875
Trust: 0.6
title:ABB PCM600 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62024
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03749 // 
            
            
            
            JVNDB: JVNDB-2016-003170 // 
            
            
            
            CNNVD: CNNVD-201605-716

EXTERNAL IDS
db:NVDid:CVE-2016-4527
Trust: 3.6
db:ICS CERTid:ICSA-16-152-02
Trust: 3.1
db:CNNVDid:CNNVD-201605-716
Trust: 0.9
db:CNVDid:CNVD-2016-03749
Trust: 0.8
db:JVNDBid:JVNDB-2016-003170
Trust: 0.8
db:AUSCERTid:ESB-2016.1375
Trust: 0.6
db:BIDid:90966
Trust: 0.3
db:IVDid:57220084-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-93346
Trust: 0.1
sources:
            
            
            IVD: 57220084-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-03749 // 
            
            
            
            VULHUB: VHN-93346 // 
            
            
            
            BID: 90966 // 
            
            
            
            JVNDB: JVNDB-2016-003170 // 
            
            
            
            CNNVD: CNNVD-201605-716 // 
            
            
            
            NVD: CVE-2016-4527

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-152-02
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4527
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4527
Trust: 0.8
url:http://www.auscert.org.au/./render.html?it=35270
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03749 // 
            
            
            
            VULHUB: VHN-93346 // 
            
            
            
            JVNDB: JVNDB-2016-003170 // 
            
            
            
            CNNVD: CNNVD-201605-716 // 
            
            
            
            NVD: CVE-2016-4527

CREDITS
The vendor reported these issue.
Trust: 0.3
sources:
            
            
            BID: 90966

SOURCES
db:IVDid:57220084-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-03749
db:VULHUBid:VHN-93346
db:BIDid:90966
db:JVNDBid:JVNDB-2016-003170
db:CNNVDid:CNNVD-201605-716
db:NVDid:CVE-2016-4527

LAST UPDATE DATE
2024-08-14T13:32:32.552000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03749date:2016-06-02T00:00:00
db:VULHUBid:VHN-93346date:2016-06-15T00:00:00
db:BIDid:90966date:2016-05-31T00:00:00
db:JVNDBid:JVNDB-2016-003170date:2016-06-16T00:00:00
db:CNNVDid:CNNVD-201605-716date:2016-06-12T00:00:00
db:NVDid:CVE-2016-4527date:2016-06-15T18:48:01.247

SOURCES RELEASE DATE
db:IVDid:57220084-2351-11e6-abef-000c29c66e3ddate:2016-06-02T00:00:00
db:CNVDid:CNVD-2016-03749date:2016-06-02T00:00:00
db:VULHUBid:VHN-93346date:2016-06-10T00:00:00
db:BIDid:90966date:2016-05-31T00:00:00
db:JVNDBid:JVNDB-2016-003170date:2016-06-16T00:00:00
db:CNNVDid:CNNVD-201605-716date:2016-05-31T00:00:00
db:NVDid:CVE-2016-4527date:2016-06-10T01:59:14.037