CVE-2023-0580 - OpenCVE

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Abb	My Control System

Configuration 1 [-]

cpe:2.3:a:abb:my_control_system:*:*:*:*:on-premise:*:*:*

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ABB

Published: 2023-04-06T16:19:51.149Z

Updated: 2023-04-06T16:19:51.149Z

Reserved: 2023-01-30T12:33:45.875Z

Link: CVE-2023-0580

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-06T17:15:10.050

Modified: 2023-11-07T04:00:52.727

Link: CVE-2023-0580

JSON object: View

Redhat Information

No data.

CWE

CWE-922

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0580", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2023-01-30T12:33:45.875Z", "datePublished": "2023-04-06T16:19:51.149Z", "dateUpdated": "2023-04-06T16:19:51.149Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "My Control System (on-premise)", "vendor": "ABB", "versions": [{"lessThanOrEqual": "5.13", "status": "affected", "version": "5.0;0", "versionType": "custom"}]}], "datePublic": "2023-04-05T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n<br><br><p>This issue affects My Control System (on-premise): from 5.0;0 through 5.13.</p>"}], "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-04-06T16:19:51.149Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in My Control System (on-premise)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:my_control_system:*:*:*:*:on-premise:*:*:*", "matchCriteriaId": "AD49BB9B-889A-4DB5-82F8-9B886E912338", "versionEndIncluding": "5.13", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n"}], "id": "CVE-2023-0580", "lastModified": "2023-11-07T04:00:52.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2023-04-06T17:15:10.050", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}