Описание
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- MitigationPatchVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
7.3 High
CVSS3
4.1 Medium
CVSS2
Дефекты
Связанные уязвимости
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
Уязвимость FTP-сервера IDAL инструмента проектирования пользовательского интерфейса PB610 Panel Builder 600 (SAP500900R0101), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и нарушить ее целостность
EPSS
7.3 High
CVSS3
4.1 Medium
CVSS2