Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-1258

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.

Published

2023-03-31T08:15:06.397

Last Modified

2025-02-13T17:15:57.873

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-200
Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	abb	flow-x\/m_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/m	-	No
Operating System	abb	flow-x\/c_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/c	-	No
Operating System	abb	flow-x\/k_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/k	-	No
Operating System	abb	flow-x\/s_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/s	-	No
Operating System	abb	flow-x\/p_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/p	-	No
Operating System	abb	flow-x_r_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x_r	-	No
Operating System	abb	flow-x\/t_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/t	-	No
Operating System	abb	flow-x\/web_firmware	≤ 3.2.6	Yes
Hardware	abb	flow-x\/web	-	No

References

http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosure.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)