ABB FOX515T Improper Input Validation (CVE-2017-14025)

medium Tenable OT Security Plugin ID 500323

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

ABB reports that the product has been phased out and has reached obsolete status. No further maintenance is planned for the product.

Please see the ABB Cyber Security Advisory 1KHW028693 on the ABB Alerts and Notification page at the following location:

http://new.abb.com/about/technology/cyber-security/alerts-and-notifications

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-17-304-01

http://www.securityfocus.com/bid/101662

Plugin Details

Severity: Medium

ID: 500323

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-14025

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:abb:fox515t_firmware:1.0

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2017

Vulnerability Publication Date: 11/6/2017

Reference Information

CVE: CVE-2017-14025

CWE: 20

ICSA: 17-304-01