CVE-2020-10287
CRITICALABB IRC5 and IRB140 Firmware - Insufficiently Protected Credentials
Title source: llmDescription
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://github.com/aliasrobotics/RVD/issues/3326
Scores
CVSS v3
9.8
EPSS
0.0038
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-255
Status
published
Products (2)
abb/irb140_firmware
abb/irc5_firmware
Published
Jul 15, 2020
Tracked Since
Feb 18, 2026