ABB's FOX515T product contains an improper input validation vulnerability that the industrial control giant does not plan to mitigate: the product has been phased out and has reached obsolete status, so no further maintenance is planned, according to an ICS-CERT report.
FOX515T release 1.0, a communication interface, suffers from the vulnerability, which researcher Ketan Bali discovered and reported to ABB.
Successful exploitation of this vulnerability could allow a local attacker to craft a malicious script that would enable retrieval of any file on the server.
Zurich, Switzerland-based ABB said the product has been phased out and has reached obsolete status. No further maintenance is planned for the product.
ABB Cyber Security Advisory 1KHW028693 is available on the ABB Alerts and Notification page.
No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. However, an attacker with low skill level could leverage the vulnerability.
An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server.
CVE-2017-14025 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.2.
The product is used mainly in the communications sector and is deployed on a global basis.