CVE-2023-1258

moderate-risk

Published 2023-03-31

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.

Do I need to act?

11.6% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

51603

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (8)

Flow-X\/M Firmware

Flow-X\/C Firmware

Flow-X\/K Firmware

Flow-X\/S Firmware

Flow-X\/P Firmware

Flow-X R Firmware

Flow-X\/T Firmware

Flow-X\/Web Firmware

Affected Vendors

Abb

References (4)

Exploit http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosur...

Vendor Advisory https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&Language...

Exploit http://packetstormsecurity.com/files/173610/ABB-FlowX-4.00-Information-Disclosur...

Vendor Advisory https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A9754&Language...

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 11/34 · Low

Exposure 14/34 · Moderate