CVE-2020-10288 - OpenCVE

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Irb140 Irc5 Robotware
Windriver	Vxworks

Configuration 1 [-]

AND

cpe:2.3:a:abb:robotware:5.09:*:*:*:*:*:*:*

OR	cpe:2.3:h:abb:irb140:-:::::::*
	cpe:2.3:h:abb:irc5:-:::::::*
	cpe:2.3:o:windriver:vxworks:5.5.1:::::::*

No data.

References

Link	Providers
https://github.com/aliasrobotics/RVD/issues/3327

History

No history.

MITRE

Status: PUBLISHED

Assigner: Alias

Published: 2020-07-15T22:15:13.640890Z

Updated: 2024-09-16T19:51:41.495Z

Reserved: 2020-03-10T00:00:00

Link: CVE-2020-10288

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-15T23:15:11.393

Modified: 2020-07-23T17:22:18.030

Link: CVE-2020-10288

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "IRB140", "vendor": "ABB", "versions": [{"status": "affected", "version": "unspecified"}]}], "credits": [{"lang": "en", "value": "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)"}], "datePublic": "2020-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T22:15:13", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aliasrobotics/RVD/issues/3327"}], "source": {"defect": ["RVD#3327"], "discovery": "EXTERNAL"}, "title": "RVD#3327: No authentication required for accesing ABB IRC5 FTP server", "x_generator": {"engine": "Robot Vulnerability Database (RVD)"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-07-15T22:11:11 +00:00", "ID": "CVE-2020-10288", "STATE": "PUBLIC", "TITLE": "RVD#3327: No authentication required for accesing ABB IRC5 FTP server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IRB140", "version": {"version_data": [{"version_value": ""}]}}]}, "vendor_name": "ABB"}]}}, "credit": [{"lang": "eng", "value": "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted."}]}, "generator": {"engine": "Robot Vulnerability Database (RVD)"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "critical", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "https://github.com/aliasrobotics/RVD/issues/3327", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/3327"}]}, "source": {"defect": ["RVD#3327"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:58:39.980Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/aliasrobotics/RVD/issues/3327"}]}]}, "cveMetadata": {"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10288", "datePublished": "2020-07-15T22:15:13.640890Z", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2024-09-16T19:51:41.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:robotware:5.09:*:*:*:*:*:*:*", "matchCriteriaId": "C9C363AC-475E-42E1-937B-D34A45AE9E32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A6784E9-6C10-4DC4-8CDB-091EFF88BD2F", "vulnerable": false}, {"criteria": "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB3C36DB-C7BB-4EB2-AE54-CE72067D1592", "vulnerable": false}, {"criteria": "cpe:2.3:o:windriver:vxworks:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2490A606-8525-4D45-B0A5-975E125257A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted."}, {"lang": "es", "value": "IRC5 expone un servidor ftp (puerto 21). Al intentar conseguir acceso, se le solicita una petici\u00f3n de nombre de usuario y contrase\u00f1a, sin embargo, puede ingresar lo que desee. Mientras el campo no est\u00e9 vac\u00edo, ser\u00e1 aceptado"}], "id": "CVE-2020-10288", "lastModified": "2020-07-23T17:22:18.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@aliasrobotics.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-15T23:15:11.393", "references": [{"source": "cve@aliasrobotics.com", "tags": ["Third Party Advisory"], "url": "https://github.com/aliasrobotics/RVD/issues/3327"}], "sourceIdentifier": "cve@aliasrobotics.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve@aliasrobotics.com", "type": "Secondary"}]}