CVE-2023-0580

06.04.2023, 17:15

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allowsan attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.
Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:
User Interface
System Monitoring1
Asset Inventory

This issue affects My Control System (on-premise): from 5.0;0 through 5.13.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
ABB	CNA	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
abb	my_control_system	5.0 ≤ 𝑥 ≤ 5.13

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-922 - Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch