Path traversal in ABB products - CVE-2019-7227


Published: July 4, 2019


Vulnerability identifier: #VU19012
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-7227
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: ABB
Affected software:
BSP UN31
BSP UN30
PB610 Panel Builder 600

Detailed vulnerability description

The vulnerability allows an attacker to perform directory traversal attacks.

The vulnerability exists because the IDAL FTP server fails to ensure that directory change requests do not resolve to locations outside of the root FTP directory. An authenticated attacker can traverse outside the server root directory simply by changing the directory.
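The root cause described above is a CWD handler that does not reject directory changes resolving above the FTP root. The following is an added illustration, not ABB's code (the IDAL FTP server's internals are not shown on this page): a confined CWD resolver that refuses such requests outright instead of silently clamping them; the function and variable names are assumptions.

```python
import posixpath


class PathEscapeError(ValueError):
    """Raised when a CWD argument would leave the FTP root."""


def confine_cwd(current, requested):
    """Resolve an FTP CWD argument against a virtual root ("/").

    current:   the session's current virtual directory, always absolute ("/" is the root)
    requested: the raw CWD argument as sent by the client
    Returns the new absolute virtual directory. Any request that would resolve
    above the root raises PathEscapeError rather than being clamped, so the
    rejection can be logged. Only after this check is the virtual path joined
    to the real root directory (see real_directory).
    """
    if "\x00" in requested:
        raise PathEscapeError("NUL byte in path")
    # Absolute arguments restart at the root; relative ones extend the current directory.
    stack = [] if requested.startswith("/") else [s for s in current.split("/") if s]
    for part in requested.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:
                # Popping past the root is exactly the condition CVE-2019-7227 describes.
                raise PathEscapeError("traversal above FTP root: %r" % requested)
            stack.pop()
            continue
        stack.append(part)
    return "/" + "/".join(stack)


def real_directory(root, virtual):
    """Map a confined virtual directory onto the real filesystem root."""
    return posixpath.normpath(posixpath.join(root, virtual.lstrip("/")))


def escapes(current, requested):
    """True if the CWD request would be rejected as a root escape."""
    try:
        confine_cwd(current, requested)
    except PathEscapeError:
        return True
    return False
```

A server should additionally resolve symlinks on the real path (for example with `os.path.realpath`) and re-check that the result still lies under the root before changing directory.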


How to mitigate CVE-2019-7227

Install updates from vendor's website.

Sources