SB2019070404 - Multiple vulnerabilities in ABB PB610 Panel Builder 600




Published: July 4, 2019

Security Bulletin ID: SB2019070404
Severity: Medium
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

Medium: 86%, Low: 14%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Use of hard-coded credentials (CVE-ID: CVE-2019-7225)

The vulnerability allows an attacker to gain full access to the vulnerable system.

The vulnerability exists due to the presence of hard-coded credentials in the code: IdalMaster:idal123 and exor:exor. An attacker can use these credentials to log in to the ABB HMI, read and write HMI configuration files, and reset the device.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Improper Authentication (CVE-ID: CVE-2019-7226)

The vulnerability allows an attacker to bypass the authentication process.

The vulnerability exists because the IDAL HTTP server CGI interface contains a URL which can be used to bypass authentication. An attacker can use this URL to bypass the authentication process and gain access to privileged functions.


3) Path traversal (CVE-ID: CVE-2019-7227)

The vulnerability allows an attacker to perform directory traversal attacks.

The vulnerability exists because the IDAL FTP server fails to ensure that directory change requests do not move to locations outside of the root FTP directory. An authenticated attacker can traverse outside the server root directory simply by changing the directory.


4) Input validation error (CVE-ID: CVE-2019-7228)

The vulnerability allows an attacker to bypass authentication or execute code on the server.

The vulnerability exists because the IDAL HTTP server is vulnerable to memory corruption through insecure use of user-supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.


5) Input validation error (CVE-ID: CVE-2019-7230)

The vulnerability allows an attacker to bypass authentication or execute code on the server.

The vulnerability exists because the IDAL FTP server is vulnerable to memory corruption through insecure use of user-supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.


6) Stack-based buffer overflow (CVE-ID: CVE-2019-7232)

The vulnerability allows an attacker to execute arbitrary code on the target server.

The vulnerability exists due to a boundary error when a large Host header is sent in an HTTP request to the IDAL HTTP server. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Stack-based buffer overflow (CVE-ID: CVE-2019-7231)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when a long string is sent to the IDAL FTP server. An authenticated attacker can send an FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.


Remediation

Install the update from the vendor's website.
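
Where the update cannot be applied immediately, traffic to the IDAL HTTP and FTP services can be screened for the conditions described in items 3, 5, 6 and 7. The Python code below is an added example, not part of the original bulletin or vendor material. It assumes raw request and command bytes are available from a proxy or capture, and its function names, finding labels, format-specifier heuristic and sample traffic are constructed for illustration.

```python
import re

# Thresholds stated in the bulletin.
HOST_HEADER_LIMIT = 2047  # CVE-2019-7232: Host header value of 2047 bytes or more
FTP_COMMAND_LIMIT = 472   # CVE-2019-7231: FTP command string of 472 bytes or more
# Assumed heuristic for CVE-2019-7230: printf-style conversion specifiers.
# Applied to FTP only; in HTTP it collides with percent-encoding (e.g. %2d).
FORMAT_SPEC = re.compile(rb"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l)?[sxXnpdiu]")


def check_http_request(raw: bytes) -> list:
    """Flag a raw HTTP request whose Host header value reaches the limit."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    findings = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host" \
                and len(value.strip()) >= HOST_HEADER_LIMIT:
            findings.append("oversized-host-header")
    return findings


def check_ftp_line(line: bytes) -> list:
    """Flag one FTP control-channel line sent by a client."""
    cmd = line.rstrip(b"\r\n")
    findings = []
    if len(cmd) >= FTP_COMMAND_LIMIT:
        findings.append("oversized-ftp-command")
    if FORMAT_SPEC.search(cmd):
        findings.append("format-specifier")
    verb, _, arg = cmd.partition(b" ")
    # CVE-2019-7227: directory change that climbs with ".." path segments.
    if verb.upper() in (b"CWD", b"XCWD") and b".." in re.split(rb"[\\/]", arg):
        findings.append("cwd-parent-traversal")
    return findings


# Constructed sample traffic (not captured from a real device).
SAMPLE_HTTP = [
    b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: " + b"A" * 2047 + b"\r\n\r\n",
]
SAMPLE_FTP = [b"CWD projects\r\n", b"CWD ../..\r\n", b"MKD build_%d\r\n",
              b"LIST " + b"B" * 467 + b"\r\n"]

if __name__ == "__main__":
    for req in SAMPLE_HTTP:
        print(len(req), check_http_request(req))
    for ln in SAMPLE_FTP:
        print(ln[:24], check_ftp_line(ln))
```

The format-specifier check is a coarse heuristic that will also match harmless names containing a percent sign, so treat its hits as leads for review rather than confirmed attempts.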