CVE-2020-10288 CRITICAL

CVE-2020-10288: RVD#3327: No authentication required for accessing ABB IRC5 FTP server

Vendor ABB
Product IRB140
Weakness CWE-284
Published July 15, 2020
Last update September 16, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

IRC5 exposes an FTP server (port 21). When you attempt to log in, you are prompted for a username and password; however, you can enter whatever you like. As long as the field isn't empty, it will be accepted.
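An operator can confirm whether an FTP service on their own equipment behaves as described by checking that a random, never-provisioned credential pair is rejected. The following is an added example, not part of the CVE record or any ABB code; `MockFTP`, `start_mock` and `accepts_arbitrary_login` are hypothetical names, and the mock server is a constructed stand-in so the check runs offline.

```python
import ftplib
import secrets
import socketserver
import threading


class MockFTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for an FTP login dialogue (not ABB code)."""

    def handle(self):
        self.wfile.write(b"220 mock FTP ready\r\n")
        user = ""
        for raw in self.rfile:
            cmd, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            if cmd.upper() == "USER":
                user = arg
                self.wfile.write(b"331 Password required\r\n")
            elif cmd.upper() == "PASS":
                ok = self.server.check(user, arg)  # policy injected by start_mock
                self.wfile.write(b"230 Logged in\r\n" if ok else b"530 Login incorrect\r\n")
            else:
                self.wfile.write(b"502 Not implemented\r\n")


def start_mock(check):
    """Serve MockFTP on a free loopback port; check(user, password) -> bool."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), MockFTP)
    srv.check, srv.daemon_threads = check, True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def accepts_arbitrary_login(host, port=21, timeout=5.0):
    """True if the service logs in a random, never-provisioned credential pair."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login("audit-" + secrets.token_hex(4), secrets.token_hex(8))
        return True   # 230 for credentials nobody configured: the described flaw
    except ftplib.error_perm:
        return False  # 5xx rejection: credentials are actually verified
    finally:
        ftp.close()


if __name__ == "__main__":
    flawed = start_mock(lambda user, password: bool(user) and bool(password))
    strict = start_mock(lambda user, password: False)  # no account matches
    for name, srv in (("flawed", flawed), ("strict", strict)):
        print(name, accepts_arbitrary_login(*srv.server_address))
```

A `True` result against a controller you operate means the service should be isolated from untrusted networks until access control is enforced.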

Key dates

02 Disclosure timeline

July 15, 2020 CVE published
September 16, 2024 Record updated