CVE-2016-4524 MEDIUM

Published: 2016-06-10 | Last Modified: 2026-06-17 | Status: Modified

Description

ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors.

Additional Descriptions (1)

ABB PCM600 en versiones anteriores a 2.7 no almacena correctamente contraseñas OPC Server IEC61850 en circunstancias temporales no especificadas, lo que permite a usuarios locales obtener información sensible a través de vectores desconocidos.

CVSS Metrics

Base Score: 2.1 (LOW)

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-284 en CWE-310

Affected Products

Vendor	Product	Version	Update	Type
abb	pcm600	*	<built-in method update of dict object at 0x72a9b0c23780>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:abb:pcm600::::::::`

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Source: [email protected]

Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource