#VU13900 Improper input validation in Panel Builder 800 - CVE-2018-10616

 


Published: July 17, 2018 / Updated: July 18, 2018


Vulnerability identifier: #VU13900
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10616
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Panel Builder 800
Software vendor: ABB

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when processing malicious input. A local attacker can trick the victim into opening a specially crafted file and thereby insert and run arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

To address the vulnerability, the vendor published the following workarounds:
  • Conduct or reinforce cybersecurity awareness training for users of Panel Builder 800:
    • Describing general cybersecurity best practice recommendations for industrial control systems,
    • Informing users that it is possible to infect Panel Builder files with malware,
    • Describing the importance of being careful with files that are received unexpectedly and/or from unexpected sources.
  • Carefully inspect any files transferred between computers, including scanning them with up-to-date antivirus software, so that only legitimate files are transferred.
  • Apply user account management, appropriate authentication and permission management using the principle of least privilege.
