Improper Authentication in ABB products - CVE-2019-7226

 


Published: July 4, 2019


Vulnerability identifier: #VU19011
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-7226
CWE-ID: CWE-287
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: ABB
Affected software:
BSP UN31
BSP UN30
PB610 Panel Builder 600

Detailed vulnerability description

The vulnerability allows an attacker to bypass the authentication process.

The vulnerability exists because the IDAL HTTP server CGI interface contains a URL which can be used to bypass authentication. An attacker can use this URL to bypass the authentication process and gain access to privileged functions.


How to mitigate CVE-2019-7226

Install updates from the vendor's website.
