In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NAbb Pb610 Panel Builder 600
HWAbbwszystkie wersjeAbb Pb610 Panel Builder 600 Firmware
OSAbb1.91 – 2.8.0.367
Related vulnerabilities
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs...
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authen...
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. ...
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. ...
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting ...