CVE-2017-15583

Published: Oct 18, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.

Affected (1)

Products: Hitachienergy: Fox515t Firmware

Hitachienergy

1 product

Fox515t Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hitachienergy Fox515t Firmware	Up to r.1.0_ics10

Running on/with	Platform Versions
Hitachienergy Fox515t	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW028693&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cve@mitre.org

Vendor Advisory

http://search-ext.abb.com/library/Download.aspx?DocumentID=1KHW028693&LanguageCode=en&DocumentPartId=&Action=Launch

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.