Severity

Medium

Analysis Summary

A vulnerability exists in Device Library Wizard in the affected product versions listed below. It creates a file that contains confidential data that could be read by low privileged users. This could allow the attacker to take control of one or multiple system nodes.

Impact

Insecure Storage of Sensitive Information

Affected Vendors

ABB

Affected Products

• Device Library Wizard: Versions 6.0.X
• Device Library Wizard: Versions 6.0.3.1
• Device Library Wizard: Versions 6.0.3.2

Remediation

ABB recommends users apply the following updates.

• Device Library Wizard Version 6.0.3.2 RU1
• Device Library Wizard Version 6.0.3.3
• Device Library Wizard Version 6.1.X and later