CVE-2016-4511 Information

Description

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

2.8