#VU19011 Improper Authentication in ABB products - CVE-2019-7226

 


Published: July 4, 2019


Vulnerability identifier: #VU19011
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-7226
CWE-ID: CWE-287
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
BSP UN31
BSP UN30
PB610 Panel Builder 600
Software vendor:
ABB

Description

The vulnerability allows an attacker to bypass the authentication process.

The vulnerability exists because the IDAL HTTP server CGI interface contains a URL which can be used to bypass authentication. An attacker can use this URL to bypass the authentication process and gain access to privileged functions.


Remediation

Install updates from the vendor's website.
