PT-2020-12036 · Abb · Abb Irc5

Alfonso Glera +1 · Published 2020-07-15 · Updated 2020-07-24 · CVE-2020-10287

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ABB IRC5 family with UAS service enabled (affected versions not specified)

Description

The ABB IRC5 family with UAS service enabled ships with default credentials that can be easily found in publicly available manuals. Although the defaults are intended to facilitate setup, research has shown that multiple production systems are still using them, posing a significant exposure risk. Future deployments should require users to change these defaults to enhance security.

Recommendations

For the ABB IRC5 family with UAS service enabled, consider changing the default credentials to custom ones as a mitigation measure. As a temporary workaround, restrict access to systems using the default credentials until custom credentials can be set. Force users to change the default credentials during the initial setup of future deployments to minimize the risk of exposure.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-10287

Affected Products

Abb Irc5