CVE-2016-4516 LOW

Published: 2016-06-10 | Last Modified: 2026-06-17 | Status: Modified

Description

ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.

Additional Descriptions (1)

ABB PCM600 en versiones anteriores a 2.7 no almacena correctamente la contraseña principal de la aplicación después de un cambio de contraseña, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados.

CVSS Metrics

Base Score: 2.1 (LOW)

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-200

Affected Products

Vendor	Product	Version	Update	Type
abb	pcm600	*	<built-in method update of dict object at 0x72a9b0c23d80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:abb:pcm600::::::::`

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Source: [email protected]

Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource