CVE-2023-1258

Name of the Vulnerable Software and Affected Versions ABB Flow-X versions prior to 4.0

Description The issue is related to exposure of sensitive information to an unauthorized actor, allowing footprinting. This is due to insufficient protection of service data in the web service modules of the Flow-X firmware on embedded hardware. An attacker could exploit this to gain access to confidential information remotely.

Recommendations For versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web service modules until a patch is available.