RVD#42: Poor software protection

[aliasbot]

{
    "id": 42,
    "title": "RVD#42: Poor software protection",
    "type": "vulnerability",
    "description": "On previous firmware versions of ABB's Service BoxOn top of easily accessible firmware images, researchers found that custom binaries (e.g., the embedded web server) built by some vendors include all debug information (i.e., unstripped). Generally, all but one vendor\u2019s firmware images were easy to open with Binwalk\u2019s default settings. Credits to Federico Maggi, Trend Micro Forward-Looking Threat Research, Davide Quarta, Marcello Pogliani, Mario Polino, Andrea M. Zanchettin, and Stefano Zanero, Politecnico di Milano",
    "cwe": "CWE-Information Exposure Through Debug Information (CWE-215)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot component: ABB's Service Box",
        "severity: high",
        "state: new",
        "vendor: ABB",
        "vulnerability"
    ],
    "system": "ABB's Service Box",
    "vendor": "ABB",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:N/A:N/H:N",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/42"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-05-03",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-05-03",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/42",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Robot or Robot component not present in summary table or invalid, see for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.