CVE-2019-10995

EPSS 0.13%
Published 14.01.2020 17:15:12
Last modified 21.11.2024 04:20:18
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Abb ≫ Cp651 Firmware Version <= bsp_un30_1.76

Abb ≫ Cp651 Version-

Abb ≫ Cp651-web Firmware Version <= bsp_un30_1.76

Abb ≫ Cp651-web Version-

Abb ≫ Cp661-web Firmware Version <= bsp_un30_1.76

Abb ≫ Cp661-web Version-

Abb ≫ Cp661 Firmware Version <= bsp_un30_1.76

Abb ≫ Cp661 Version-

Abb ≫ Cp665 Firmware Version <= bsp_un30_1.76

Abb ≫ Cp665 Version-

Abb ≫ Cp665-web Firmware Version <= bsp_un30_1.76

Abb ≫ Cp665-web Version-

Abb ≫ Cp676-web Firmware Version <= bsp_un30_1.76

Abb ≫ Cp676-web Version-

Abb ≫ Cp676 Firmware Version <= bsp_un30_1.76

Abb ≫ Cp676 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.335

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.securityfocus.com/bid/108928

Third Party Advisory

VDB Entry

https://www.us-cert.gov/ics/advisories/icsa-19-178-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-10995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10995

EUVD