Search criteria
3 vulnerabilities found for cp665 by abb
VAR-202001-1490
Vulnerability from variot - Updated: 2023-12-18 13:33ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. ABB CP651 HMI The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABB CP651 is a control panel of Swiss ABB company.
ABB CP651 HMI has a vulnerability in trust management issues. Attackers can use this vulnerability to insert and run arbitrary code on the affected system. Multiple ABB Products are prone to an hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp651",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "cp661",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp661-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp651",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp651-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp676-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp665",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp676",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp665-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "bsp_un30_1.76"
},
{
"model": "cp651-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp661",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp661-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp665",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp665-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp676",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp676-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp676-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp676",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp665-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp665",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp661-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp661",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp651-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp651",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "pb610 panel builder",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "6002.8.0.424"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "BID",
"id": "108928"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "NVD",
"id": "CVE-2019-10995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "bsp_un30_1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "108928"
}
],
"trust": 0.3
},
"cve": "CVE-2019-10995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-22286",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10995",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-22286",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1079",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. ABB CP651 HMI The product contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABB CP651 is a control panel of Swiss ABB company. \n\r\n\r\nABB CP651 HMI has a vulnerability in trust management issues. Attackers can use this vulnerability to insert and run arbitrary code on the affected system. Multiple ABB Products are prone to an hard-coded credentials vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "BID",
"id": "108928"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10995",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-02",
"trust": 2.7
},
{
"db": "BID",
"id": "108928",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22286",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2347",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "BID",
"id": "108928"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"id": "VAR-202001-1490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
}
],
"trust": 1.2370370333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
}
]
},
"last_update_date": "2023-12-18T13:33:12.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.bbb.org/"
},
{
"title": "Patch for ABB CP651 HMI Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213421"
},
{
"title": "ABB CP651 HMI Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94182"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "NVD",
"id": "CVE-2019-10995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/108928"
},
{
"trust": 0.9,
"url": "http://www.abb.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10995"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10995"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18994"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2347/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "BID",
"id": "108928"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "BID",
"id": "108928"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108928"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"date": "2020-01-14T17:15:12.427000",
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108928"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014222"
},
{
"date": "2020-01-24T13:53:04.020000",
"db": "NVD",
"id": "CVE-2019-10995"
},
{
"date": "2019-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB CP651 HMI Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1079"
}
],
"trust": 0.6
}
}
VAR-201912-1548
Vulnerability from variot - Updated: 2023-12-18 13:33Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service. ABB PB610 Panel Builder 600 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ABB PB610 Panel Builder 600 is a software that designs a graphical user interface for the CP600 control panel platform. The vulnerability stems from the fact that the network system or product did not correctly verify the input data.
ABB CP651 HMI has a vulnerability in trust management issues
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1548",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pb610 panel builder 600",
"scope": "lte",
"trust": 1.8,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "cp651",
"scope": null,
"trust": 1.2,
"vendor": "abb",
"version": null
},
{
"model": "cp635 hmi",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "600\u003c=2.8.0.424"
},
{
"model": "cp661",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp665",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp676",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp651-web",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp661-web",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp665-web",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp676-web",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:pb610_panel_builder_600:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18994"
}
]
},
"cve": "CVE-2019-18994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18994",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-22287",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-22286",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-151396",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cybersecurity@ch.abb.com",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.3,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18994",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18994",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2019-18994",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-22287",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-22286",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-883",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151396",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2019-18994",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "VULHUB",
"id": "VHN-151396"
},
{
"db": "VULMON",
"id": "CVE-2019-18994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service. ABB PB610 Panel Builder 600 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ABB PB610 Panel Builder 600 is a software that designs a graphical user interface for the CP600 control panel platform. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. \n\r\n\r\nABB CP651 HMI has a vulnerability in trust management issues",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "VULHUB",
"id": "VHN-151396"
},
{
"db": "VULMON",
"id": "CVE-2019-18994"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18994",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22287",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201912-883",
"trust": 0.7
},
{
"db": "BID",
"id": "108928",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-22286",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-151396",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-18994",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "VULHUB",
"id": "VHN-151396"
},
{
"db": "VULMON",
"id": "CVE-2019-18994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
]
},
"id": "VAR-201912-1548",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "VULHUB",
"id": "VHN-151396"
}
],
"trust": 1.97333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
}
]
},
"last_update_date": "2023-12-18T13:33:12.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Vulnerabilities in ABB PB610 ABBVU-RAMF-1908001, ABBVU-RAMF-1908002, ABBVU-RAMF-1908003, ABBVU-RAMF-1908004",
"trust": 0.8,
"url": "http://search.abb.com/library/download.aspx?documentid=3adr010466\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB CP651 HMI Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213421"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151396"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18994"
},
{
"trust": 1.7,
"url": "http://search.abb.com/library/download.aspx?documentid=3adr010466\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18994"
},
{
"trust": 0.1,
"url": "http://search.abb.com/library/download.aspx?documentid=3adr010466\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "VULHUB",
"id": "VHN-151396"
},
{
"db": "VULMON",
"id": "CVE-2019-18994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"db": "VULHUB",
"id": "VHN-151396"
},
{
"db": "VULMON",
"id": "CVE-2019-18994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-151396"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18994"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"date": "2019-12-18T21:15:13.240000",
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22287"
},
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22286"
},
{
"date": "2019-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-151396"
},
{
"date": "2019-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18994"
},
{
"date": "2020-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013706"
},
{
"date": "2019-12-31T16:17:01.717000",
"db": "NVD",
"id": "CVE-2019-18994"
},
{
"date": "2020-01-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB PB610 Panel Builder 600 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013706"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-883"
}
],
"trust": 0.6
}
}
VAR-201906-0215
Vulnerability from variot - Updated: 2023-12-18 12:28The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device.
Affected systems
CP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior CP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior CP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior CP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior CP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior CP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior CP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior PB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior CP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior CP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior CP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior CP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior CP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior CP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior CP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior
Solution
Apply the patches or changes recommended by the vendor in their vulnerability advisories: - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch
Disclosure timeline
04/02/2019 - Contacted ABB requesting disclosure coordination 05/02/2019 - Provided vulnerability details 05/06/2019 - Patch available 17/06/2019 - xen1thLabs public disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp635-b",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp676-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp661-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "pb610",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.3674"
},
{
"model": "cp651",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp630",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp651-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp665-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "pb610",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "1.91"
},
{
"model": "cp676",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp661",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp630-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp665",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp620-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-b",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp651-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp661",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pb610",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6002.8.0.367"
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6001.91"
},
{
"model": "cp635-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635-b",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp661",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp661 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp665",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp665 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp676",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp676 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp651",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 b",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pb610",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp651 web",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:pb610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.0.3674",
"versionStartIncluding": "1.91",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:pb610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xen1thLabs,Xen1thLabs.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7225",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-19833",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-158660",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7225",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7225",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-19833",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-894",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158660",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device. \n\n\nAffected systems\n----------------\nCP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior\nCP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior\nPB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior\nCP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior\n\n\nSolution\n--------\nApply the patches or changes recommended by the vendor in their vulnerability advisories:\n - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n\nDisclosure timeline\n-------------------\n04/02/2019 - Contacted ABB requesting disclosure coordination\n05/02/2019 - Provided vulnerability details\n05/06/2019 - Patch available\n17/06/2019 - xen1thLabs public disclosure\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "PACKETSTORM",
"id": "153397"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7225",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "153397",
"trust": 2.4
},
{
"db": "BID",
"id": "108922",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-01",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-19833",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2019060154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2348",
"trust": 0.6
},
{
"db": "IVD",
"id": "81E5E7B5-957E-48A4-ADE8-19B359B65CB3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"id": "VAR-201906-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
}
],
"trust": 1.5566666599999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
}
]
},
"last_update_date": "2023-12-18T12:28:14.331000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "ABBHMIHardcodedCredentials file read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/165657"
},
{
"title": "ABB PB610 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94029"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/153397/abb-hmi-hardcoded-credentials.html"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2019/jun/38"
},
{
"trust": 2.5,
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108922"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-03"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7225"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7225"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
},
{
"trust": 0.9,
"url": "http://www.abb.com/"
},
{
"trust": 0.9,
"url": "https://library.e.abb.com/public/6b454c20b3a2445ea148a07c46a2f85c/abb-advisory_3adr010376.pdf"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2019060154"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2348/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-158660"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108922"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"date": "2019-06-21T18:32:22",
"db": "PACKETSTORM",
"id": "153397"
},
{
"date": "2019-06-27T17:15:15.770000",
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158660"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108922"
},
{
"date": "2019-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"date": "2023-05-16T11:15:00.720000",
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"date": "2020-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB HMI Vulnerability in using hard-coded credentials in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
}
}