Main Vulnerability Database Vulnerabilities #VU19013

Input validation error in ABB products - CVE-2019-7228

Published: July 4, 2019 / Updated: July 4, 2019

Vulnerability identifier: #VU19013

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2019-7228

CWE-ID: CWE-134

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: ABB

Affected software:
BSP UN31
BSP UN30
PB610 Panel Builder 600

Detailed vulnerability description

The vulnerability allows an attacker to bypass authentication or execute code on the server.

The vulnerability exists due to the IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.

How to mitigate CVE-2019-7228

Install updates from vendor's website.

Sources

https://search-ext.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&a...
https://www.us-cert.gov/ics/advisories/icsa-19-178-01

Input validation error in ABB products - CVE-2019-7228

Detailed vulnerability description

How to mitigate CVE-2019-7228

Sources

Please verify you're human