Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款ABB产品信任管理问题漏洞
Vulnerability Description
ABB CP620等都是瑞士ABB公司的一款人机界面触控面板。 多款ABB产品中存在信任管理问题漏洞。攻击者可借助硬编码凭证利用该漏洞对HMI配置文件进行读写操作并重置设备。以下产品及版本受到影响:使用1.76及之前版本固件的ABB CP620;使用1.76及之前版本固件的ABB CP620-Web;使用1.76及之前版本固件的ABB CP630;使用1.76及之前版本固件的ABB CP630-Web;使用1.76及之前版本固件的ABB CP635;使用1.76及之前版本固件的ABB CP635-B;使用
CVSS Information
N/A
Vulnerability Type
N/A