Main Vulnerability Database Vulnerabilities #VU19014

Input validation error in ABB products - CVE-2019-7230

Published: July 4, 2019 / Updated: July 4, 2019

Vulnerability identifier: #VU19014

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2019-7230

CWE-ID: CWE-134

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: ABB

Affected software:
BSP UN31
BSP UN30
PB610 Panel Builder 600

Detailed vulnerability description

The vulnerability allows an attacker to bypass authentication or execute code on the server.

The vulnerability exists due to the IDAL FTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.

How to mitigate CVE-2019-7230

Install updates from vendor's website.

Sources

https://search-ext.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&a...
https://www.us-cert.gov/ics/advisories/icsa-19-178-01

Input validation error in ABB products - CVE-2019-7230

Detailed vulnerability description

How to mitigate CVE-2019-7230

Sources

Please verify you're human