CVE-2019-10995 - OpenCVE

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Cp651 Cp651-web Cp651-web Firmware Cp651 Firmware Cp661 Cp661-web Cp661-web Firmware Cp661 Firmware Cp665 Cp665-web Cp665-web Firmware Cp665 Firmware Cp676 Cp676-web Cp676-web Firmware Cp676 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*

cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108928
https://www.us-cert.gov/ics/advisories/icsa-19-178-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-01-14T16:20:10

Updated: 2024-08-04T22:40:15.592Z

Reserved: 2019-04-08T00:00:00

Link: CVE-2019-10995

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-14T17:15:12.427

Modified: 2020-01-24T13:53:04.020

Link: CVE-2019-10995

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object