{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0580", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2023-01-30T12:33:45.875Z", "datePublished": "2023-04-06T16:19:51.149Z", "dateUpdated": "2025-02-10T20:18:36.853Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "My Control System (on-premise)", "vendor": "ABB", "versions": [{"lessThanOrEqual": "5.13", "status": "affected", "version": "5.0;0", "versionType": "custom"}]}], "datePublic": "2023-04-05T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows&nbsp;an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n<br><br><p>This issue affects My Control System (on-premise): from 5.0;0 through 5.13.</p>"}], "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-04-06T16:19:51.149Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in My Control System (on-premise)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.047Z"}, "title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T20:18:30.770970Z", "id": "CVE-2023-0580", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T20:18:36.853Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.047Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-10T20:18:30.770970Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T20:18:26.288Z"}}], "cna": {"title": "Information Disclosure vulnerability in My Control System (on-premise)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "My Control System (on-premise)", "versions": [{"status": "affected", "version": "5.0;0", "versionType": "custom", "lessThanOrEqual": "5.13"}], "defaultStatus": "unaffected"}], "datePublic": "2023-04-05T18:30:00.000Z", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n", "supportingMedia": [{"type": "text/html", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows&nbsp;an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n<br><br><p>This issue affects My Control System (on-premise): from 5.0;0 through 5.13.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-04-06T16:19:51.149Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0580", "state": "PUBLISHED", "dateUpdated": "2025-02-10T20:18:36.853Z", "dateReserved": "2023-01-30T12:33:45.875Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2023-04-06T16:19:51.149Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:my_control_system:*:*:*:*:on-premise:*:*:*", "matchCriteriaId": "AD49BB9B-889A-4DB5-82F8-9B886E912338", "versionEndIncluding": "5.13", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows\u00a0an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application.\nOf the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability:\nUser Interface\nSystem Monitoring1\nAsset Inventory\n\n\n\n\nThis issue affects My Control System (on-premise): from 5.0;0 through 5.13.\n\n"}], "id": "CVE-2023-0580", "lastModified": "2024-11-21T07:37:26.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-06T17:15:10.050", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA007893&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}