Main Vulnerability Database Vulnerabilities #VU19013

#VU19013 Input validation error in ABB products - CVE-2019-7228

Published: July 4, 2019 / Updated: July 4, 2019

Vulnerability identifier: #VU19013

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2019-7228

CWE-ID: CWE-134

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
BSP UN31
BSP UN30
PB610 Panel Builder 600

Software vendor:
ABB

Description

The vulnerability allows an attacker to bypass authentication or execute code on the server.

The vulnerability exists due to the IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.

Remediation

Install updates from vendor's website.

External links

https://search-ext.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&a...
https://www.us-cert.gov/ics/advisories/icsa-19-178-01

#VU19013 Input validation error in ABB products - CVE-2019-7228

Description

Remediation

External links

Please verify you're human