CVE-2023-0580 - OpenCVE

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	My Control System

Configuration 1 [-]

cpe:2.3:a:abb:my_control_system:*:*:*:*:on-premise:*:*:*

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2023-04-06T16:19:51.149Z

Updated: 2024-08-02T05:17:50.047Z

Reserved: 2023-01-30T12:33:45.875Z

Link: CVE-2023-0580

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-06T17:15:10.050

Modified: 2023-11-07T04:00:52.727

Link: CVE-2023-0580

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0580", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2023-01-30T12:33:45.875Z", "datePublished": "2023-04-06T16:19:51.149Z", "dateUpdated": "2024-08-02T05:17:50.047Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "My Control System (on-premise)", "vendor": "ABB", "versions": [{"lessThanOrEqual": "5.13", "status": "affected", "version": "5.0;0", "versionType": "custom"}]}], "datePublic": "2023-04-05T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n<br><br><p>This issue affects My Control System (on-premise): from 5.0;0 through 5.13.</p>"}], "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-04-06T16:19:51.149Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in My Control System (on-premise)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.047Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:my_control_system:*:*:*:*:on-premise:*:*:*", "matchCriteriaId": "AD49BB9B-889A-4DB5-82F8-9B886E912338", "versionEndIncluding": "5.13", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n"}], "id": "CVE-2023-0580", "lastModified": "2023-11-07T04:00:52.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2023-04-06T17:15:10.050", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}