Description
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
High
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
R
Unchanged
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- ABB / ANC0 – 1.1.4
- ABB / ANC-L0 – 1.1.4
- ABB / ANC-mini0 – 1.1.4