RSS   Vulnerabilities for 'Cp661-web firmware'   RSS

2019-06-27
 
CVE-2019-7225

CWE-798
 

 
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.

 

 >>> Vendor: ABB 50 Products
Pcu400
Interlink module
Irc5 opc server
Pc sdk
Pickmaster 3
Pickmaster 5
Robot communications runtime
Robotstudio
Robview 5
Webware sdk
Webware server
S4 opc server
Quickteach
Robotstudio s4
Robotstudio lite
Datamanager
Test signal viewer
Panel builder 800
Pcm600
Vsn300 firmware
Vsn300 for react firmware
Fox515t firmware
Netcadops
Sys600 firmware
Srea-01 firmware
Srea-50 firmware
Ip gateway firmware
Esoms
Gate-e1 firmware
Gate-e2 firmware
Cms-770 firmware
Cp400pb firmware
Eth-fw firmware
Fw firmware
Pm554-tp-eth firmware
Cp620-web firmware
Cp620 firmware
Cp630-web firmware
Cp630 firmware
Cp635-b firmware
Cp635-web firmware
Cp635 firmware
Cp651-web firmware
Cp651 firmware
Cp661-web firmware
Cp661 firmware
Cp665-web firmware
Cp665 firmware
Cp676-web firmware
Cp676 firmware


Copyright 2019, cxsecurity.com

 

Back to Top