CVE-2017-15583 MEDIUM

Published: 2017-10-18 | Last Modified: 2026-06-17 | Status: Modified

Description

The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.

Additional Descriptions (1)

El servidor web embebido en dispositivos ABB Fox515T 1.0 es vulnerable a Local File Inclusion. Acepta un parámetro que especifica un archivo para mostrar o emplear como plantilla. El nombre de archivo no se valida, por lo que un atacante podría recuperar cualquier archivo.

CVSS Metrics

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-200

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	fox515t_firmware	*	<built-in method update of dict object at 0x72a9cd07bd80>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:fox515t_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:fox515t:-:::::::*`

References

http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW028693&LanguageCode=en&DocumentPartId=&Action=Launch
Source: [email protected]

Vendor Advisory
http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW028693&LanguageCode=en&DocumentPartId=&Action=Launch
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory