Search criteria
1 vulnerability found for cp400pb by abb
VAR-201902-0642
Vulnerability from variot - Updated: 2023-12-18 13:18The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. ABB CP400 Panel Builder Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB CP400PB is a set of human interface programming software from ABB, Switzerland. TextEditor is one of the text editors. An attacker could exploit the vulnerability to execute arbitrary code and cause a denial of service. ABB CP400 Panel Builder TextEditor is prone to a local code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. The following products are vulnerable: CP400 Panel BuilderTextEditor 2.0 CP400PB 2.0.7.05 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0642",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp400pb",
"scope": "lte",
"trust": 1.8,
"vendor": "abb",
"version": "2.0.7.05"
},
{
"model": "cp400pb",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=2.0.7.05"
},
{
"model": "cp400pb",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "2.0.7.05"
},
{
"model": "cp400 panel builder texteditor",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "2.0"
},
{
"model": "cp400pb",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "2.1.7.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp400pb",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp400pb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.7.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp400pb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchez of NullCode",
"sources": [
{
"db": "BID",
"id": "106658"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-19008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-19834",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "682ff012-276f-40be-bbf5-d5593dbc364f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-129624",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-19008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19008",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-19834",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-741",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-129624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn\u0027t properly prevent the insertion of specially crafted files which could allow arbitrary code execution. ABB CP400 Panel Builder Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB CP400PB is a set of human interface programming software from ABB, Switzerland. TextEditor is one of the text editors. An attacker could exploit the vulnerability to execute arbitrary code and cause a denial of service. ABB CP400 Panel Builder TextEditor is prone to a local code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. \nThe following products are vulnerable:\nCP400 Panel BuilderTextEditor 2.0\nCP400PB 2.0.7.05 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "VULHUB",
"id": "VHN-129624"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19008",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-017-02",
"trust": 2.8
},
{
"db": "BID",
"id": "106658",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-19834",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499",
"trust": 0.8
},
{
"db": "IVD",
"id": "682FF012-276F-40BE-BBF5-D5593DBC364F",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98815",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129624",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"id": "VAR-201902-0642",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
}
]
},
"last_update_date": "2023-12-18T13:18:49.918000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "ABB CP400PB TextEditor input patch for verification vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/165659"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106658"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19008"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19008"
},
{
"trust": 0.6,
"url": "https://new.abb.com/products/abb1sap500400r0001"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-02 "
},
{
"trust": 0.3,
"url": "https://search.abb.com/library/download.aspx?documentid=3bse091042\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"date": "2019-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-129624"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106658"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"date": "2019-02-13T21:29:00.300000",
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"date": "2019-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129624"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106658"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"date": "2019-10-09T23:37:35.707000",
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "106658"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB CP400PB TextEditor Input validation vulnerability",
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
],
"trust": 0.8
}
}