CVE-2016-4511 LOW

Published: 2016-06-10 | Last Modified: 2026-06-17 | Status: Modified

Description

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.

Additional Descriptions (1)

ABB PCM600 en versiones anteriores a 2.7 utiliza un algoritmo hash inadecuado para la contraseña principal de la aplicación, lo que facilita a usuarios locales obtener información sensible en texto plano aprovechando acceso de lectura al archivo de configuración ACTConfig.

CVSS Metrics

Base Score: 1.9 (LOW)

AV:L/AC:M/Au:N/C:P/I:N/A:N

Access Vector	LOCAL
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.4

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-310

Affected Products

Vendor	Product	Version	Update	Type
abb	pcm600	*	<built-in method update of dict object at 0x72a9cd06f200>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:abb:pcm600::::::::`

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Source: [email protected]

Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource