Vulnerability-Lookup

CNVD-2019-19830

Vulnerability from cnvd - Published: 2019-06-28

Title

ABB PB610 IDAL HTTP server身份验证漏洞

Description

ABB PB610是瑞士ABB公司的一款为CP600控制面板平台设计图形用户界面的软件。IDAL HTTP server是其中的一个HTTP（超文本传输协议）服务器。 ABB PB610中的IDAL HTTP server存在安全漏洞。攻击者可利用该漏洞绕过身份验证并获取被限制功能的访问权限。

Severity

中

Patch Name

ABB PB610 IDAL HTTP server身份验证漏洞的补丁

Patch Description

ABB PB610是瑞士ABB公司的一款为CP600控制面板平台设计图形用户界面的软件。IDAL HTTP server是其中的一个HTTP（超文本传输协议）服务器。 ABB PB610中的IDAL HTTP server存在安全漏洞。攻击者可利用该漏洞绕过身份验证并获取被限制功能的访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://library.e.abb.com/public/b0021d2ab9ba4e3ab14d7c2796f5908e/ABB-Advisory_3ADR010377_2.pdf

Reference

https://www.securityfocus.com/bid/108886 https://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html

Impacted products

Name
['ABB PB610 Panel Builder 600 2.8.0.367', 'ABB PB610 Panel Builder 600 1.91']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "108886"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7226"
    }
  },
  "description": "ABB PB610\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u6b3e\u4e3aCP600\u63a7\u5236\u9762\u677f\u5e73\u53f0\u8bbe\u8ba1\u56fe\u5f62\u7528\u6237\u754c\u9762\u7684\u8f6f\u4ef6\u3002IDAL HTTP server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\uff08\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae\uff09\u670d\u52a1\u5668\u3002\n\nABB PB610\u4e2d\u7684IDAL HTTP server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u5e76\u83b7\u53d6\u88ab\u9650\u5236\u529f\u80fd\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Xen1thLabs",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://library.e.abb.com/public/b0021d2ab9ba4e3ab14d7c2796f5908e/ABB-Advisory_3ADR010377_2.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-19830",
  "openTime": "2019-06-28",
  "patchDescription": "ABB PB610\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4e00\u6b3e\u4e3aCP600\u63a7\u5236\u9762\u677f\u5e73\u53f0\u8bbe\u8ba1\u56fe\u5f62\u7528\u6237\u754c\u9762\u7684\u8f6f\u4ef6\u3002IDAL HTTP server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\uff08\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae\uff09\u670d\u52a1\u5668\u3002\r\n\r\nABB PB610\u4e2d\u7684IDAL HTTP server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u5e76\u83b7\u53d6\u88ab\u9650\u5236\u529f\u80fd\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ABB PB610 IDAL HTTP server\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ABB PB610 Panel Builder 600 2.8.0.367",
      "ABB PB610 Panel Builder 600 1.91"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/108886\r\nhttps://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-28",
  "title": "ABB PB610 IDAL HTTP server\u8eab\u4efd\u9a8c\u8bc1\u6f0f\u6d1e"
}

CVE-2019-7226 (GCVE-0-2019-7226)

Vulnerability from cvelistv5 – Published: 2019-06-27 15:52 – Updated: 2024-08-04 20:46

Summary

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://seclists.org/fulldisclosure/2019/Jun/39	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/153402/ABB-I…	x_refsource_MISC
	http://www.securityfocus.com/bid/108886	vdb-entryx_refsource_BID
	https://www.darkmatter.ae/xen1thlabs/abb-idal-htt…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2019/Jun/39	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:44.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190624 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/39"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html"
          },
          {
            "name": "108886",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108886"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/"
          },
          {
            "name": "20190620 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass\tVulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/39"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in \"1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin\" or a similar response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T15:54:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20190624 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/39"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html"
        },
        {
          "name": "108886",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108886"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/"
        },
        {
          "name": "20190620 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass\tVulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/39"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in \"1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin\" or a similar response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190624 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jun/39"
            },
            {
              "name": "http://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153402/ABB-IDAL-HTTP-Server-Authentication-Bypass.html"
            },
            {
              "name": "108886",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108886"
            },
            {
              "name": "https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/",
              "refsource": "MISC",
              "url": "https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/"
            },
            {
              "name": "20190620 XL-19-010 - ABB IDAL HTTP Server Authentication Bypass\tVulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jun/39"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7226",
    "datePublished": "2019-06-27T15:52:12",
    "dateReserved": "2019-01-30T00:00:00",
    "dateUpdated": "2024-08-04T20:46:44.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-19830

CVE-2019-7226 (GCVE-0-2019-7226)

Tags

Sightings

Nomenclature