CVE-2019-10995
HIGHABB CP651/CP661/CP665/CP676 Firmware < bsp_un30_1.76 - Use of Hard-coded Credentials
Title source: llmDescription
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108928
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-178-02
Scores
CVSS v3
8.8
EPSS
0.0013
EPSS Percentile
31.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (8)
abb/cp651-web_firmware
< bsp_un30_1.76
abb/cp651_firmware
< bsp_un30_1.76
abb/cp661-web_firmware
< bsp_un30_1.76
abb/cp661_firmware
< bsp_un30_1.76
abb/cp665-web_firmware
< bsp_un30_1.76
abb/cp665_firmware
< bsp_un30_1.76
abb/cp676-web_firmware
< bsp_un30_1.76
abb/cp676_firmware
< bsp_un30_1.76
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026