ID

VAR-202007-0169


CVE

CVE-2020-10287


TITLE

Inadequate protection of credentials vulnerability in the IRC5 family

Trust: 0.8

sources: JVNDB: JVNDB-2020-008554

DESCRIPTION

The IRC5 family with UAS service enabled comes by default with credentials that can be found in publicly available manuals. ABB considers this a well-documented functionality that helps customers set up; however, out of our research, we found multiple production systems running these exact default credentials and thereby consider this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (users should be forced to change them). The IRC5 family contains an inadequate protection of credentials vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). ABB IRC5 is a robot control system. ABB IRC5 has a vulnerability in trust management, which can be exploited by remote attackers to submit special requests and gain unauthorized access to the system.

Trust: 2.16

sources: NVD: CVE-2020-10287 // JVNDB: JVNDB-2020-008554 // CNVD: CNVD-2020-41210

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41210

AFFECTED PRODUCTS

vendor: abb, model: irc5, scope: -, version: -

Trust: 1.4

vendor: abb, model: irc5, scope: eq, version: -

Trust: 1.0

vendor: abb, model: irb140, scope: eq, version: -

Trust: 1.0

vendor: abb, model: irb140, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2020-41210 // JVNDB: JVNDB-2020-008554 // NVD: CVE-2020-10287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10287
value: CRITICAL

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10287
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008554
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-41210
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-1166
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10287
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008554
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41210
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10287
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10287
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008554
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41210 // JVNDB: JVNDB-2020-008554 // CNNVD: CNNVD-202007-1166 // NVD: CVE-2020-10287 // NVD: CVE-2020-10287

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

problemtype:CWE-255

Trust: 1.0

sources: JVNDB: JVNDB-2020-008554 // NVD: CVE-2020-10287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1166

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-1166

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008554

PATCH

title: Top Page, url: https://global.abb/group/en

Trust: 0.8

sources: JVNDB: JVNDB-2020-008554

EXTERNAL IDS

db: NVD, id: CVE-2020-10287

Trust: 3.0

db: JVNDB, id: JVNDB-2020-008554

Trust: 0.8

db: CNVD, id: CNVD-2020-41210

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1166

Trust: 0.6

sources: CNVD: CNVD-2020-41210 // JVNDB: JVNDB-2020-008554 // CNNVD: CNNVD-202007-1166 // NVD: CVE-2020-10287

REFERENCES

url:https://github.com/aliasrobotics/rvd/issues/3326

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-10287

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10287

Trust: 0.8

sources: CNVD: CNVD-2020-41210 // JVNDB: JVNDB-2020-008554 // CNNVD: CNNVD-202007-1166 // NVD: CVE-2020-10287

SOURCES

db: CNVD, id: CNVD-2020-41210
db: JVNDB, id: JVNDB-2020-008554
db: CNNVD, id: CNNVD-202007-1166
db: NVD, id: CVE-2020-10287

LAST UPDATE DATE

2024-11-23T22:25:24.995000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-41210, date: 2020-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-008554, date: 2020-09-16T00:00:00
db: CNNVD, id: CNNVD-202007-1166, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-10287, date: 2024-11-21T04:55:08.680

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-41210, date: 2020-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-008554, date: 2020-09-16T00:00:00
db: CNNVD, id: CNNVD-202007-1166, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-10287, date: 2020-07-15T23:15:11.283