CVE-2020-10288: RVD#3327: No authentication required for accesing ABB IRC5 FTP server
First published: Wed Jul 15 2020(Updated: )
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
Credit: cve@aliasrobotics.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abb Robotware | =5.09 | |
| Abb Irb140 | ||
| Abb Irc5 | ||
| Windriver Vxworks | =5.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10288?
CVE-2020-10288 is a vulnerability in IRC5 that exposes an ftp server (port 21) and accepts any input for username and password.
How severe is CVE-2020-10288?
CVE-2020-10288 is classified as critical with a severity score of 9.8.
What software is affected by CVE-2020-10288?
Abb Robotware version 5.09 is affected by CVE-2020-10288.
How can I fix CVE-2020-10288?
Currently, there is no known fix for CVE-2020-10288. It is recommended to monitor for vendor patches or security advisories.
Where can I find more information about CVE-2020-10288?
You can find more information about CVE-2020-10288 at the following reference link: [GitHub Issue](https://github.com/aliasrobotics/RVD/issues/3327)
- collector/nvd-index
- agent/weakness
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/abb
- canonical/abb robotware
- version/abb robotware/5.09
- canonical/abb irb140
- canonical/abb irc5
- vendor/windriver
- canonical/windriver vxworks
- version/windriver vxworks/5.5.1