
5 vulnerabilities found for pb610 by abb

VAR-201906-0215

Vulnerability from variot - Updated: 2023-12-18 12:28

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to log in to the ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components.

ABB HMI components contain a vulnerability involving the use of hard-coded credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform.

Multiple ABB products are prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system.
The following products and versions are affected:

- ABB CP620 with firmware version 1.76 and earlier
- ABB CP620-Web with firmware version 1.76 and earlier
- ABB CP630 with firmware version 1.76 and earlier
- ABB CP630-Web with firmware version 1.76 and earlier
- ABB CP635 with firmware version 1.76 and earlier
- ABB CP635-B with firmware version 1.76 and earlier
- ABB CP635-Web with firmware version 1.76 and earlier
- ABB PB610 with firmware version 1.91 to 2.8.0.3674
- ABB CP651-Web with firmware version 1.76 and earlier
- ABB CP661 with firmware version 1.76 and earlier
- ABB CP661-Web with firmware version 1.76 and earlier
- ABB CP665-Web with firmware version 1.76 and earlier
- ABB CP665 with firmware version 1.76 and earlier
- ABB CP676-Web with firmware version 1.76 and earlier
- ABB CP676 with firmware version 1.76 and earlier
- ABB CP651 with firmware version 1.76 and earlier

Combining these actions can push malicious configuration and HMI code to the device.

Affected systems

- CP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior
- CP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior
- CP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior
- CP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior
- CP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior
- CP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior
- CP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior
- CP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior
- CP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior
- PB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674
- CP651, order code: 1SAP551100R0001, revision index B1 with BSP UN30 V1.76 and prior
- CP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior
- CP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior
- CP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior
- CP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior
- CP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior
- CP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior
- CP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior

Solution

Apply the patches or changes recommended by the vendor in their vulnerability advisories:

- ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch
- ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
- ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch

Disclosure timeline

- 04/02/2019 - Contacted ABB requesting disclosure coordination
- 05/02/2019 - Provided vulnerability details
- 05/06/2019 - Patch available
- 17/06/2019 - xen1thLabs public disclosure


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0215",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cp635-b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp676-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp661-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "pb610",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "2.8.0.3674"
      },
      {
        "model": "cp651",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp630",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp651-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp665-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "pb610",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.91"
      },
      {
        "model": "cp676",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp661",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp635",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp630-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp665",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp620-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp620",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp635-web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.76"
      },
      {
        "model": "cp620",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp620-web",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp630",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp630-web",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp635",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp635-b",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp635-web",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp651-web",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "cp661",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abb",
        "version": "6002.8.0.367"
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abb",
        "version": "6001.91"
      },
      {
        "model": "cp635-web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": "cp635-b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": "cp635",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": "cp630-web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": "cp630",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": "cp620-web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": "cp620",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp620",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp661",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp661 web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp665",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp665 web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp676",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp676 web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp651",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp620 web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp630",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp630 web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp635",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp635 b",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp635 web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pb610",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp651 web",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "BID",
        "id": "108922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:pb610_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.8.0.3674",
                    "versionStartIncluding": "1.91",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:pb610:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.76",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xen1thLabs,Xen1thLabs.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-7225",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-7225",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2019-19833",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-158660",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7225",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-7225",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-19833",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-894",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158660",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. 
The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device. \n\n\nAffected systems\n----------------\nCP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior\nCP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior\nPB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 
2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior\nCP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior\n\n\nSolution\n--------\nApply the patches or changes recommended by the vendor in their vulnerability advisories:\n  - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n  - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n  - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n\nDisclosure timeline\n-------------------\n04/02/2019 - Contacted ABB requesting disclosure coordination\n05/02/2019 - Provided vulnerability details\n05/06/2019 - Patch available\n17/06/2019 - xen1thLabs public disclosure\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "BID",
        "id": "108922"
      },
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "db": "PACKETSTORM",
        "id": "153397"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7225",
        "trust": 3.7
      },
      {
        "db": "PACKETSTORM",
        "id": "153397",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "108922",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-178-03",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-178-01",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087",
        "trust": 0.8
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2019060154",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2348",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "81E5E7B5-957E-48A4-ADE8-19B359B65CB3",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "db": "BID",
        "id": "108922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "PACKETSTORM",
        "id": "153397"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "id": "VAR-201906-0215",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      }
    ],
    "trust": 1.5566666599999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:28:14.331000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://new.abb.com/"
      },
      {
        "title": "ABBHMIHardcodedCredentials file read vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/165657"
      },
      {
        "title": "ABB PB610 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94029"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://packetstormsecurity.com/files/153397/abb-hmi-hardcoded-credentials.html"
      },
      {
        "trust": 2.6,
        "url": "http://seclists.org/fulldisclosure/2019/jun/38"
      },
      {
        "trust": 2.5,
        "url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/108922"
      },
      {
        "trust": 1.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-03"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7225"
      },
      {
        "trust": 1.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7225"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
      },
      {
        "trust": 0.9,
        "url": "http://www.abb.com/"
      },
      {
        "trust": 0.9,
        "url": "https://library.e.abb.com/public/6b454c20b3a2445ea148a07c46a2f85c/abb-advisory_3adr010376.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2019060154"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2348/"
      },
      {
        "trust": 0.1,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 0.1,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 0.1,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "db": "BID",
        "id": "108922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "PACKETSTORM",
        "id": "153397"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "db": "BID",
        "id": "108922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "db": "PACKETSTORM",
        "id": "153397"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-30T00:00:00",
        "db": "IVD",
        "id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "date": "2019-06-05T00:00:00",
        "db": "BID",
        "id": "108922"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "date": "2019-06-21T18:32:22",
        "db": "PACKETSTORM",
        "id": "153397"
      },
      {
        "date": "2019-06-27T17:15:15.770000",
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19833"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158660"
      },
      {
        "date": "2019-06-05T00:00:00",
        "db": "BID",
        "id": "108922"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      },
      {
        "date": "2023-05-16T11:15:00.720000",
        "db": "NVD",
        "id": "CVE-2019-7225"
      },
      {
        "date": "2020-07-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB HMI Vulnerability in using hard-coded credentials in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006087"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-894"
      }
    ],
    "trust": 0.6
  }
}

VAR-201906-0218

Vulnerability from variot - Updated: 2023-12-18 12:28

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. The ABB IDAL HTTP server contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDAL HTTP server is one of the HTTP (Hypertext Transfer Protocol) servers. A memory corruption vulnerability exists in the IDAL HTTP server in ABB PB610. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. A directory-traversal vulnerability 3. A stack-based buffer-overflow vulnerability 5. A buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code, access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory, bypass authentication mechanism and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0218",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pb610 panel builder 600",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.91"
      },
      {
        "model": "pb610 panel builder 600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "2.8.0.367"
      },
      {
        "model": "pb610 panel builder 600",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6002.8.0.367"
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6001.91"
      },
      {
        "model": "pb610 panel builder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6002.8.0.424"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pb610 panel builder 600",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:pb610_panel_builder_600_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.8.0.367",
                    "versionStartIncluding": "1.91",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:pb610_panel_builder_600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eldar Marcussen,Xen1thLabs.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-7228",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-7228",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-19476",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e95e6d50-ac70-49d1-ac71-508da06352da",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7228",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-7228",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-19476",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-907",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e95e6d50-ac70-49d1-ac71-508da06352da",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack. ABB IDAL HTTP The server contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDALHTTPserver is one of the HTTP (Hypertext Transfer Protocol) servers. A memory corruption vulnerability exists in IDALHTTPserver in ABBPB610. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. A directory-traversal vulnerability\n3. A stack-based buffer-overflow vulnerability\n5. A buffer-overflow vulnerability\nAttackers can exploit these  issues to execute arbitrary code, access or read arbitrary files that contain sensitive  information or to access files outside of the restricted directory, bypass authentication mechanism  and perform unauthorized actions. Failed exploit  attempts will likely cause denial-of-service conditions. \nABB PB610 Panel Builder 600 version 1.91 through 2.8.0.367 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7228",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "153404",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "108886",
        "trust": 1.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-178-01",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2346",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "E95E6D50-AC70-49D1-AC71-508DA06352DA",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "id": "VAR-201906-0218",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      }
    ],
    "trust": 1.66666665
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:28:14.372000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple Vulnerabilities in ABB PB610",
        "trust": 0.8,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "title": "ABBPB610IDALHTTPserver memory corruption vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/165541"
      },
      {
        "title": "ABB PB610 IDAL HTTP server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94039"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://packetstormsecurity.com/files/153404/abb-idal-http-server-uncontrolled-format-string.html"
      },
      {
        "trust": 1.9,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2019/jun/43"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/108886"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7228"
      },
      {
        "trust": 1.0,
        "url": "https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-uncontrolled-format-string-vulnerability-xl-19-012/"
      },
      {
        "trust": 0.9,
        "url": "https://new.abb.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7228"
      },
      {
        "trust": 0.6,
        "url": "http-server-uncontrolled-format-string-vulnerability-xl-19-012/"
      },
      {
        "trust": 0.6,
        "url": "https://www.darkmatter.ae/xen1thlabs/abb-idal-"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2346/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-27T00:00:00",
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108886"
      },
      {
        "date": "2019-07-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "date": "2019-06-27T15:15:09.230000",
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "date": "2019-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108886"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005794"
      },
      {
        "date": "2022-11-30T21:41:37.270000",
        "db": "NVD",
        "id": "CVE-2019-7228"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB PB610 IDAL HTTP server Memory Corruption Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e95e6d50-ac70-49d1-ac71-508da06352da"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19476"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "format string error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-907"
      }
    ],
    "trust": 0.6
  }
}

VAR-201906-0222

Vulnerability from variot - Updated: 2023-12-18 12:28

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server. The ABB IDAL HTTP server contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. The IDAL HTTP server is one of the HTTP (Hypertext Transfer Protocol) servers. A buffer overflow vulnerability exists in the IDAL HTTP server in ABB PB610 that could be exploited by an attacker to cause a buffer overflow or heap overflow. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. A directory-traversal vulnerability 3. Multiple memory corruption vulnerabilities 4. A stack-based buffer-overflow vulnerability 5. A buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code, read arbitrary files that contain sensitive information, access files outside of the restricted directory, bypass the authentication mechanism, and perform unauthorized actions. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pb610 panel builder 600",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.91"
      },
      {
        "model": "pb610 panel builder 600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "2.8.0.367"
      },
      {
        "model": "pb610 panel builder 600",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6002.8.0.367"
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6001.91"
      },
      {
        "model": "pb610 panel builder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6002.8.0.424"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pb610 panel builder 600",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:pb610_panel_builder_600_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.8.0.367",
                    "versionStartIncluding": "1.91",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:pb610_panel_builder_600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eldar Marcussen,Xen1thLabs.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-7232",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-7232",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-19475",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "a5651a95-b140-4c44-a968-4865e74d773b",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7232",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-7232",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-19475",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-904",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "a5651a95-b140-4c44-a968-4865e74d773b",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server. ABB IDAL HTTP The server contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDALHTTPserver is one of the HTTP (Hypertext Transfer Protocol) servers. A buffer overflow vulnerability exists in IDALHTTPserver in ABBPB610 that could be exploited by an attacker to cause a buffer overflow or heap overflow. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. A directory-traversal vulnerability\n3. Multiple memory corruption vulnerabilities\n4. A stack-based buffer-overflow vulnerability\n5. A buffer-overflow vulnerability\nAttackers can exploit these  issues to execute arbitrary code, access or read arbitrary files that contain sensitive  information or to access files outside of the restricted directory, bypass authentication mechanism  and perform unauthorized actions. Failed exploit  attempts will likely cause denial-of-service conditions. \nABB PB610 Panel Builder 600 version 1.91 through 2.8.0.367 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7232",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "153403",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "108886",
        "trust": 1.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-178-01",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2346",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "A5651A95-B140-4C44-A968-4865E74D773B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "id": "VAR-201906-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      }
    ],
    "trust": 1.66666665
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:28:14.407000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple Vulnerabilities in ABB PB610",
        "trust": 0.8,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "title": "Patch for ABBPB610IDALHTTPserver Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/165543"
      },
      {
        "title": "ABB PB610 IDAL HTTP server Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94036"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://packetstormsecurity.com/files/153403/abb-idal-http-server-stack-based-buffer-overflow.html"
      },
      {
        "trust": 2.5,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 2.2,
        "url": "https://www.darkmatter.ae/xen1thlabs/published-advisories/"
      },
      {
        "trust": 2.2,
        "url": "http://seclists.org/fulldisclosure/2019/jun/40"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/108886"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7232"
      },
      {
        "trust": 0.9,
        "url": "https://new.abb.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7232"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2346/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-27T00:00:00",
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108886"
      },
      {
        "date": "2019-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "date": "2019-06-24T17:15:10.447000",
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "date": "2019-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108886"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005889"
      },
      {
        "date": "2022-11-30T21:41:16.433000",
        "db": "NVD",
        "id": "CVE-2019-7232"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB PB610 IDAL HTTP server Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19475"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "a5651a95-b140-4c44-a968-4865e74d773b"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-904"
      }
    ],
    "trust": 0.8
  }
}

VAR-201906-0217

Vulnerability from variot - Updated: 2023-12-18 12:28

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. The ABB IDAL FTP server contains a path traversal vulnerability. Information may be obtained and information may be altered. ABB PB610 is software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDAL FTP server is one of the FTP (File Transfer Protocol) servers. A path traversal vulnerability exists in the IDAL FTP server in ABB PB610. The vulnerability stems from a network system or product failing to properly filter specific elements in a resource or file path. An attacker could exploit this vulnerability to access a location outside of a restricted directory. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. A directory-traversal vulnerability 3. Multiple memory corruption vulnerabilities 4. A stack-based buffer-overflow vulnerability 5. Failed exploit attempts will likely cause denial-of-service conditions. ABB PB610 Panel Builder 600 versions 1.91 through 2.8.0.367 are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0217",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pb610 panel builder 600",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "1.91"
      },
      {
        "model": "pb610 panel builder 600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "abb",
        "version": "2.8.0.367"
      },
      {
        "model": "pb610 panel builder 600",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6002.8.0.367"
      },
      {
        "model": "pb610 panel builder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6001.91"
      },
      {
        "model": "pb610 panel builder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6002.8.0.424"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pb610 panel builder 600",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abb:pb610_panel_builder_600_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.8.0.367",
                    "versionStartIncluding": "1.91",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:pb610_panel_builder_600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eldar Marcussen,Xen1thLabs.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-7227",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-7227",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-19479",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-7227",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-7227",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-19479",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-892",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-7227",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with \"CWD ../\" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. ABB IDAL FTP The server contains a path traversal vulnerability.Information may be obtained and information may be altered. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. IDALFTPserver is one of the FTP (File Transfer Protocol) servers. A path traversal vulnerability exists in IDALFTPserver in ABBPB610. The vulnerability stems from a network system or product failing to properly filter specific elements in a resource or file path. An attacker could exploit this vulnerability to access a location outside of a restricted directory. ABB PB610 Panel Builder 600 is prone to the following vulnerabilities:\n1. An authentication-bypass vulnerability\n2. A directory-traversal vulnerability\n3. Multiple memory corruption vulnerabilities\n4. A stack-based buffer-overflow vulnerability\n5. Failed exploit  attempts will likely cause denial-of-service conditions. \nABB PB610 Panel Builder 600 version 1.91 through 2.8.0.367 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7227"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-7227",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "108886",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "153396",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-178-01",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796",
        "trust": 0.8
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2019060157",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2346",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "4EBF8AFA-E0AC-4426-9433-E6E1B8E57CCC",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7227",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7227"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "id": "VAR-201906-0217",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      }
    ],
    "trust": 1.66666665
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:28:14.258000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple Vulnerabilities in ABB PB610",
        "trust": 0.8,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "title": "ABBPB610IDALFTPserver path traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/165545"
      },
      {
        "title": "ABB PB610 IDAL FTP server Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94027"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/153396/abb-idal-ftp-server-path-traversal.html"
      },
      {
        "trust": 2.0,
        "url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/108886"
      },
      {
        "trust": 1.7,
        "url": "https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-path-traversal-vulnerability-xl-19-008/"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/jun/37"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7227"
      },
      {
        "trust": 0.9,
        "url": "https://new.abb.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7227"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2019060157http"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2346/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7227"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-7227"
      },
      {
        "db": "BID",
        "id": "108886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-28T00:00:00",
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7227"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108886"
      },
      {
        "date": "2019-07-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "date": "2019-06-27T16:15:12.243000",
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-7227"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "BID",
        "id": "108886"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005796"
      },
      {
        "date": "2022-11-30T21:41:40.823000",
        "db": "NVD",
        "id": "CVE-2019-7227"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB PB610 IDAL FTP server Path traversal vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19479"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "4ebf8afa-e0ac-4426-9433-e6e1b8e57ccc"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-892"
      }
    ],
    "trust": 0.8
  }
}

VAR-202003-1795

Vulnerability from variot - Updated: 2022-05-17 01:45

ABB PB610 is software designed by ABB of Switzerland for the CP600 control panel platform.

The full range of ABB PB610 products has an information disclosure vulnerability that attackers can use to obtain sensitive information.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1795",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pb610",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abb",
        "version": "02"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-21540",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2020-21540",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB PB610 is a software designed by Swiss ABB for the CP600 control panel platform.\n\r\n\r\nThe ABB PB610 full range of products has an information disclosure vulnerability, which can be used by attackers to obtain sensitive information.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ],
    "trust": 0.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "BA647BE1-8BC4-48D0-A307-6E704F6CF7B3",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "id": "VAR-202003-1795",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ],
    "trust": 1.6333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:45:06.024000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABB PB610 full range of products have information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/199827"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-22T00:00:00",
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      },
      {
        "date": "2020-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB PB610 full range of products have information disclosure vulnerabilities",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-21540"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Information leakage",
    "sources": [
      {
        "db": "IVD",
        "id": "ba647be1-8bc4-48d0-a307-6e704f6cf7b3"
      }
    ],
    "trust": 0.2
  }
}