CVE-2023-1258

MEDIUM

ABB Flow-x/m Firmware < 3.2.6 - Information Disclosure

Title source: rule

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.

Exploits (1)

exploitdb WORKING POC

by Paul Smith · pythonwebappshardware

https://www.exploit-db.com/exploits/51603

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 5.3

EPSS 0.1318

EPSS Percentile 94.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (8)

abb/flow-x\/c_firmware < 3.2.6

abb/flow-x\/k_firmware < 3.2.6

abb/flow-x\/m_firmware < 3.2.6

abb/flow-x\/p_firmware < 3.2.6

abb/flow-x_r_firmware < 3.2.6

abb/flow-x\/s_firmware < 3.2.6

abb/flow-x\/t_firmware < 3.2.6

abb/flow-x\/web_firmware < 3.2.6

Published Mar 31, 2023

Tracked Since Feb 18, 2026