CVE-2016-4511
LOWABB PCM600 < 2.6 - Password Hash Disclosure via ACTConfig Configuration File
Title source: llmDescription
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
Scores
CVSS v3
2.8
EPSS
0.0005
EPSS Percentile
15.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-310
Status
published
Products (1)
abb/pcm600
< 2.6
Published
Jun 10, 2016
Tracked Since
Feb 18, 2026