VAR-201902-0642
Vulnerability from variot - Updated: 2023-12-18 13:18The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. ABB CP400 Panel Builder Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB CP400PB is a set of human interface programming software from ABB, Switzerland. TextEditor is one of the text editors. An attacker could exploit the vulnerability to execute arbitrary code and cause a denial of service. ABB CP400 Panel Builder TextEditor is prone to a local code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. The following products are vulnerable: CP400 Panel BuilderTextEditor 2.0 CP400PB 2.0.7.05 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0642",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp400pb",
"scope": "lte",
"trust": 1.8,
"vendor": "abb",
"version": "2.0.7.05"
},
{
"model": "cp400pb",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=2.0.7.05"
},
{
"model": "cp400pb",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "2.0.7.05"
},
{
"model": "cp400 panel builder texteditor",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "2.0"
},
{
"model": "cp400pb",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "2.1.7.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp400pb",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp400pb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.7.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp400pb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchez of NullCode",
"sources": [
{
"db": "BID",
"id": "106658"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-19008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-19834",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "682ff012-276f-40be-bbf5-d5593dbc364f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-129624",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-19008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19008",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-19834",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-741",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-129624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn\u0027t properly prevent the insertion of specially crafted files which could allow arbitrary code execution. ABB CP400 Panel Builder Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB CP400PB is a set of human interface programming software from ABB, Switzerland. TextEditor is one of the text editors. An attacker could exploit the vulnerability to execute arbitrary code and cause a denial of service. ABB CP400 Panel Builder TextEditor is prone to a local code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. \nThe following products are vulnerable:\nCP400 Panel BuilderTextEditor 2.0\nCP400PB 2.0.7.05 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "VULHUB",
"id": "VHN-129624"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19008",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-017-02",
"trust": 2.8
},
{
"db": "BID",
"id": "106658",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-19834",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499",
"trust": 0.8
},
{
"db": "IVD",
"id": "682FF012-276F-40BE-BBF5-D5593DBC364F",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98815",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129624",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"id": "VAR-201902-0642",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
}
]
},
"last_update_date": "2023-12-18T13:18:49.918000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "ABB CP400PB TextEditor input patch for verification vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/165659"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106658"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19008"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19008"
},
{
"trust": 0.6,
"url": "https://new.abb.com/products/abb1sap500400r0001"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-02 "
},
{
"trust": 0.3,
"url": "https://search.abb.com/library/download.aspx?documentid=3bse091042\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"db": "VULHUB",
"id": "VHN-129624"
},
{
"db": "BID",
"id": "106658"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"date": "2019-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-129624"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106658"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"date": "2019-02-13T21:29:00.300000",
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"date": "2019-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19834"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129624"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106658"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014499"
},
{
"date": "2019-10-09T23:37:35.707000",
"db": "NVD",
"id": "CVE-2018-19008"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "106658"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB CP400PB TextEditor Input validation vulnerability",
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNVD",
"id": "CNVD-2019-19834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "682ff012-276f-40be-bbf5-d5593dbc364f"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-741"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…