RVD#3326: Hardcoded default credentials on IRC 5 OPC Server
CVE-2020-10287

9.1CRITICAL

Key Information:

Vendor: Abb
Status: Irb140
Vendor: CVE Published:; 15 July 2020

What is CVE-2020-10287?

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default credentials and consider thereby this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (user should be forced to change them).

Affected Version(s)

IRB140 = unspecified

References

https://github.com/aliasrobotics/RVD/issues/3326

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Mar 10, 2020

Credit

Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)

Abb

What is CVE-2020-10287?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit