#VU19012 Path traversal in ABB products - CVE-2019-7227

 

Published: July 4, 2019


Vulnerability identifier: #VU19012
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-7227
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
BSP UN31
BSP UN30
PB610 Panel Builder 600
Software vendor:
ABB

Description

The vulnerability allows an attacker to perform directory traversal attacks.

The vulnerability exists because the IDAL FTP server fails to ensure that directory change requests do not resolve to locations outside of the root FTP directory. An authenticated attacker can traverse outside the server root directory simply by changing the directory.
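
The missing check, sketched next to the unchecked pattern for comparison. This is an added example, not ABB's code: the root path `/srv/ftp`, the function names `naive_cwd` and `confined_cwd`, and the sample requests are assumptions made for illustration.

```python
import posixpath

FTP_ROOT = "/srv/ftp"  # constructed root directory, not a path from the advisory


def naive_cwd(root, cwd, arg):
    """Unchecked pattern: join and normalise, never compare the result to root."""
    return posixpath.normpath(posixpath.join(root, cwd.lstrip("/"), arg))


def confined_cwd(root, cwd, arg):
    """Resolve a directory change inside the virtual tree.

    cwd is the session's current virtual directory ("/" is the FTP root).
    Returns the real path, or None when the request must be refused.
    """
    # Absolute arguments restart at the virtual root, relative ones at cwd.
    virtual = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    # Assumption: backslashes are treated as separators too, so both
    # spellings of a parent-directory step are handled the same way.
    for seg in virtual.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None  # would climb above the FTP root: refuse
            parts.pop()
        else:
            parts.append(seg)
    return posixpath.join(root, *parts) if parts else root


if __name__ == "__main__":
    # Constructed (cwd, argument) pairs for a directory change request.
    for cwd, arg in [("/logs", "../config"), ("/", "../../etc"), ("/", "a/../../b")]:
        print(f"cwd={cwd!r} arg={arg!r} "
              f"naive={naive_cwd(FTP_ROOT, cwd, arg)!r} "
              f"confined={confined_cwd(FTP_ROOT, cwd, arg)!r}")
```

The check is purely lexical; a server whose filesystem supports symbolic links also needs to compare the canonicalised real path against the root before changing directory.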


Remediation

Install updates from vendor's website.

External links