Remote code execution in ABB Panel Builder 800

1) Improper input validation

EUVDB-ID: #VU13900

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2018-10616

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when processing malicious input. A local attacker can trick the victim into opening a specially crafted file, insert and run arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

To fix the vulnerability vendor published the following workarounds:

• Conduct or reinforce cybersecurity awareness training for users of Panel Builder 800:
  • Describing general cybersecurity best practice recommendations for industrial control systems,
  • Informing that it is possible to infect Panel Builder files with malware,
  • Describing the importance of being careful with files that are received unexpectedly and/or from unexpected sources.
• Carefully inspecting any files transferred between computers, including scanning them with up-to-date antivirus software, so that only the legitimate files are being transferred.
• User account management, appropriate authentication and permission management using the principle of least privilege.

Vulnerable software versions

Panel Builder 800: All versions

External links

http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.