SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-461192497] ABB FOX515T

Date: 2017-10-31
Type: Other
Platform: ABB
Author: Ketan Bali reported the vulnerability to ABB.
EDB-ID: N/A
CVE-ID: CVE-2017-1402
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# ABB FOX515T
#


### VULNERABLE VENDOR
ABB


### VULNERABLE PRODUCT
FOX515T



### RESEARCHER
Ketan Bali reported the vulnerability to ABB.



### AFFECTED PRODUCTS

The following versions of FOX515T, a communication interface, are affected:

FOX515T release 1.0



### IMPACT

Successful exploitation of this vulnerability could allow a local attacker to craft a malicious script that would enable retrieval of any file on the server.



### VULNERABILITY OVERVIEW

IMPROPER INPUT VALIDATION CWE-20
An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server.
CVE-2017-14025 has been assigned to this vulnerability.
A CVSS v3 base score of 6.2 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)





### BACKGROUND

Critical Infrastructure Sector(s): Communications
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Switzerland




### MITIGATION

ABB reports that the product has been phased out and has reached obsolete status. No further maintenance is planned for the product.

Please see the ABB Cyber Security Advisory 1KHW028693 on the ABB Alerts and Notification page at the following location:

http://new.abb.com/about/technology/cyber-security/alerts-and-notifications