1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: FBXi, FBVi, FBTi, CBXi
- Vulnerabilities: Use of Hard-coded Credentials, Improper Validation of Specified Type of Input, Use of a One-Way Hash without a Salt
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product, insert and run arbitrary code, and crash the device being accessed.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following ABB FLXeon products are affected:
- FBXi-8R8-X96 (2CQG201028R1011): Versions 9.3.5 and prior
- FBXi-8R8-H-X96 (2CQG201029R1011): Versions 9.3.5 and prior
- FBXi-X256 (2CQG201014R1021): Versions 9.3.5 and prior
- FBXi-X48 (2CQG201018R1021): Versions 9.3.5 and prior
- FBXi-8R8-X96-S (2CQG201606R1011): Versions 9.3.5 and prior
- FBVi-2U4-4T (2CQG201015R1021 ): Versions 9.3.5 and prior
- FBVi-2U4-4T-IMP (2CQG201016R1021): Versions 9.3.5 and prior
- FBVi-2U4-4T-SI: Versions 9.3.5 and prior
- FBTi-7T7-1U1R (2CQG201022R1011): Versions 9.3.5 and prior
- FBTi-6T1-1U1R (2CQG201022R1011): Versions 9.3.5 and prior
- CBXi-8R8 (2CQG201001R1021): Versions 9.3.5 and prior
- CBXi-8R8-H (2CQG201001R1021): Versions 9.3.5 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798
Credentials that are required for the functioning of the product cannot be stored in a HW supported secure storage as the product does not implement such a component.
CVE-2024-48842 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (AV:P/AC:
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article: