CVE-2016-4511
First published: Fri Jun 10 2016(Updated: )
ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ABB PCM600 | <=2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4511?
CVE-2016-4511 has a medium severity level due to the improper hash algorithm used for the application password.
How does CVE-2016-4511 affect ABB PCM600?
CVE-2016-4511 allows local users to obtain sensitive cleartext information by accessing the ACTConfig configuration file.
What versions of ABB PCM600 are affected by CVE-2016-4511?
CVE-2016-4511 affects ABB PCM600 versions prior to 2.7, including all versions up to and including 2.6.
How do I fix CVE-2016-4511?
To fix CVE-2016-4511, upgrade ABB PCM600 to version 2.7 or later, which uses a secure hash algorithm.
Can read access to the ACTConfig file lead to issues because of CVE-2016-4511?
Yes, read access to the ACTConfig file can potentially expose sensitive information due to the vulnerability in CVE-2016-4511.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/severity
- agent/tags
- agent/source
- vendor/abb
- canonical/abb pcm600
- version/abb pcm600/2.6