CVE-2016-4516

Name of the Vulnerable Software and Affected Versions ABB PCM600 versions prior to 2.7

Description The issue is related to the improper storage of the main application password after a password change, allowing local users to obtain sensitive information. The password is stored in an unencrypted form in the configuration file, which can be accessed by analyzing the file before the user commands it to be hashed. This allows a local attacker to gain access to user passwords.

Recommendations For ABB PCM600 versions prior to 2.7, update to version 2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation. Additionally, users should be cautious when handling password changes to avoid potential unauthorized access to sensitive information.