CVE-2016-4524

Name of the Vulnerable Software and Affected Versions ABB PCM600 versions prior to 2.7

Description The issue is related to the improper storage of OPC Server IEC61850 passwords in temporary circumstances, allowing local users to obtain sensitive information. The vulnerability is associated with the storage of passwords in unencrypted form, which can be exploited by analyzing the System.xml configuration file and PCM600$PDS$ project files, potentially granting access to the passwords.

Recommendations For ABB PCM600 versions prior to 2.7, consider restricting access to the System.xml configuration file and PCM600$PDS$ project files to minimize the risk of exploitation. As a temporary workaround, limit local user access to sensitive areas of the system until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.