ID

VAR-202007-0170


CVE

CVE-2020-10288


TITLE

Authentication vulnerabilities in IRC5

Trust: 0.8

sources: JVNDB: JVNDB-2020-008555

DESCRIPTION

IRC5 exposes an FTP server (port 21). Upon attempting to gain access you are challenged with a request for a username and password; however, you can input whatever you like. As long as the field isn't empty it will be accepted. IRC5 contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB IRC5 is a robot control system. The ABB IRC5 FTP server has an access control error vulnerability. Remote attackers can use this vulnerability to submit special requests and gain unauthorized access to the system.

Trust: 2.16

sources: NVD: CVE-2020-10288 // JVNDB: JVNDB-2020-008555 // CNVD: CNVD-2020-41211

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41211

AFFECTED PRODUCTS

vendor: abb, model: robotware, scope: eq, version: 5.09

Trust: 1.0

vendor: abb, model: robotware, scope: -, version: -

Trust: 0.8

vendor: abb, model: irc5, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-41211 // JVNDB: JVNDB-2020-008555 // NVD: CVE-2020-10288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10288
value: CRITICAL

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10288
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008555
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-41211
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-1169
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10288
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008555
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41211
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10288
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10288
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008555
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41211 // JVNDB: JVNDB-2020-008555 // CNNVD: CNNVD-202007-1169 // NVD: CVE-2020-10288 // NVD: CVE-2020-10288

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

problemtype: CWE-284

Trust: 1.0

sources: JVNDB: JVNDB-2020-008555 // NVD: CVE-2020-10288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1169

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1169

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008555

PATCH

title: Top Page, url: https://global.abb/group/en

Trust: 0.8

sources: JVNDB: JVNDB-2020-008555

EXTERNAL IDS

db: NVD, id: CVE-2020-10288

Trust: 3.0

db: JVNDB, id: JVNDB-2020-008555

Trust: 0.8

db: CNVD, id: CNVD-2020-41211

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1169

Trust: 0.6

sources: CNVD: CNVD-2020-41211 // JVNDB: JVNDB-2020-008555 // CNNVD: CNNVD-202007-1169 // NVD: CVE-2020-10288

REFERENCES

url: https://github.com/aliasrobotics/rvd/issues/3327

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2020-10288

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10288

Trust: 0.8

sources: CNVD: CNVD-2020-41211 // JVNDB: JVNDB-2020-008555 // CNNVD: CNNVD-202007-1169 // NVD: CVE-2020-10288

SOURCES

db: CNVD, id: CNVD-2020-41211
db: JVNDB, id: JVNDB-2020-008555
db: CNNVD, id: CNNVD-202007-1169
db: NVD, id: CVE-2020-10288

LAST UPDATE DATE

2024-11-23T22:16:26.123000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-41211, date: 2020-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-008555, date: 2020-09-16T00:00:00
db: CNNVD, id: CNNVD-202007-1169, date: 2022-03-08T00:00:00
db: NVD, id: CVE-2020-10288, date: 2024-11-21T04:55:08.807

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-41211, date: 2020-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-008555, date: 2020-09-16T00:00:00
db: CNNVD, id: CNNVD-202007-1169, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-10288, date: 2020-07-15T23:15:11.393