id: 3327
title: 'RVD#3327: No authentication required for accessing ABB IRC5 FTP server'
type: vulnerability
description: IRC5 exposes an FTP server (port 21). Upon attempting to gain access
  you are challenged with a request of username and password, however you can input
  whatever you like. As long as the field isn't empty it will be accepted.
cwe: CWE-284
cve: CVE-2020-10288
keywords:
- IRC5, FTP, Authentication
system: IRB140, IRC5, Robotware_5.09, VxWorks5.5.1
vendor: ABB
severity:
  rvss-score: 9.4
  rvss-vector: RVSS:1.0/AV:IN/AC:H/PR:L/UI:N/Y:Z/S:U/C:H/I:H/A:H/H:H
  severity-description: Critical
  cvss-score: 9.8
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
links:
- https://cwe.mitre.org/data/definitions/284.html
- https://github.com/aliasrobotics/RVD/issues/3327
flaw:
  phase: testing
  specificity: general-issue
  architectural-location: Platform code
  application: FTP server
  subsystem: UI:Login
  package: N/A
  languages: None
  date-detected: 2020-05-11
  detected-by: Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)
  detected-by-method: testing dynamic, Nmap.
  date-reported: '2020-07-15'
  reported-by: Victor Mayoral Vilches
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/3327
  reproducibility: Always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null
rvd-bot changed the title from "No authentication required for accesing ABB IRC5 FTP server" to "RVD#3327: No authentication required for accesing ABB IRC5 FTP server" on Jul 15, 2020.