VAR-201906-0215
Vulnerability from variot - Updated: 2023-12-18 12:28The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device.
Affected systems
CP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior CP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior CP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior CP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior CP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior CP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior CP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior CP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior PB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior CP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior CP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior CP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior CP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior CP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior CP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior CP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior
Solution
Apply the patches or changes recommended by the vendor in their vulnerability advisories: - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch
Disclosure timeline
04/02/2019 - Contacted ABB requesting disclosure coordination 05/02/2019 - Provided vulnerability details 05/06/2019 - Patch available 17/06/2019 - xen1thLabs public disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp635-b",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp676-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp661-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "pb610",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.3674"
},
{
"model": "cp651",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp630",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp651-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp665-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "pb610",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "1.91"
},
{
"model": "cp676",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp661",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp630-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp665",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp635-web",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.76"
},
{
"model": "cp620",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp620-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-b",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp651-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp661",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pb610",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6002.8.0.367"
},
{
"model": "pb610 panel builder",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "6001.91"
},
{
"model": "cp635-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635-b",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp661",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp661 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp665",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp665 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp676",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp676 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp651",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 b",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pb610",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp651 web",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:pb610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8.0.3674",
"versionStartIncluding": "1.91",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:pb610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp661-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp661-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp665-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp665-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp676-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp676-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp651_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.76",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp651:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xen1thLabs,Xen1thLabs.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7225",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-19833",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-158660",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7225",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7225",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-19833",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-894",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158660",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool \"Panel Builder 600\" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. ABB HMI The component contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ABBPB610 is a software designed by ABB of Switzerland for the graphical user interface of the CP600 control panel platform. Multiple ABB Products are prone to a hard-coded credentials vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application, obtain sensitive information, cause denial-of-service conditions or execute arbitrary code on the affected system. The following products and versions are affected: ABB CP620 with firmware version 1.76 and earlier; ABB CP620-Web with firmware version 1.76 and earlier; ABB CP630 with firmware version 1.76 and earlier; ABB CP630-Web with firmware version 1.76 and earlier ; ABB CP635 with firmware version 1.76 and earlier; ABB CP635-B with firmware version 1.76 and earlier; ABB CP635-Web with firmware version 1.76 and earlier; ABB PB610 with firmware version 1.91 to 2.8.0.3674; ABB CP651-Web with firmware version 1.76 and earlier; ABB CP661 with firmware version 1.76 and earlier; ABB CP661-Web with firmware version 1.76 and earlier; ABB CP665-Web with firmware version 1.76 and earlier; ABB CP665 with firmware version 1.76 and earlier; ABB CP676-Web with firmware version 1.76 and earlier; ABB CP676 with firmware version 1.76 and earlier; ABB CP651 with firmware version 1.76 and earlier. Combining these actions can push malicious configuration and HMI code to the device. \n\n\nAffected systems\n----------------\nCP620, order code: 1SAP520100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP620, order code: 1SAP520100R4001, revision index G1 with BSP UN31 V1.76 and prior\nCP620-WEB, order code: 1SAP520200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630, order code: 1SAP530100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP630-WEB, order code: 1SAP530200R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R0001, revision index G1 with BSP UN31 V1.76 and prior\nCP635, order code: 1SAP535100R5001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-B, order code: 1SAP535100R2001, revision index G1 with BSP UN31 V1.76 and prior\nCP635-WEB, order code: 1SAP535200R0001, revision index G1 with BSP UN31 V1.76 and prior\nPB610 Panel Builder 600, order code: 1SAP500900R0101, versions 1.91 ... 2.8.0.3674CP651, order code: 1SAP551100R0001, revision index B1 with BSPUN30 V1.76 and prior\nCP651-WEB, order code: 1SAP551200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP661, order code: 1SAP561100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP661-WEB, order code: 1SAP561200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP665, order code: 1SAP565100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP665-WEB, order code: 1SAP565200R0001, revision index A0 with BSP UN30 V1.76 and prior\nCP676, order code: 1SAP576100R0001, revision index B1 with BSP UN30 V1.76 and prior\nCP676-WEB, order code: 1SAP576200R0001, revision index A0 with BSP UN30 V1.76 and prior\n\n\nSolution\n--------\nApply the patches or changes recommended by the vendor in their vulnerability advisories:\n - ABB CP635 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n - ABB PB610 - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n - ABB CP651 HMI - https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\n\nDisclosure timeline\n-------------------\n04/02/2019 - Contacted ABB requesting disclosure coordination\n05/02/2019 - Provided vulnerability details\n05/06/2019 - Patch available\n17/06/2019 - xen1thLabs public disclosure\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "PACKETSTORM",
"id": "153397"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7225",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "153397",
"trust": 2.4
},
{
"db": "BID",
"id": "108922",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-178-01",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-19833",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2019060154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2348",
"trust": 0.6
},
{
"db": "IVD",
"id": "81E5E7B5-957E-48A4-ADE8-19B359B65CB3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"id": "VAR-201906-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
}
],
"trust": 1.5566666599999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
}
]
},
"last_update_date": "2023-12-18T12:28:14.331000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
},
{
"title": "ABBHMIHardcodedCredentials file read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/165657"
},
{
"title": "ABB PB610 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94029"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/153397/abb-hmi-hardcoded-credentials.html"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2019/jun/38"
},
{
"trust": 2.5,
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108922"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-03"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7225"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7225"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-01"
},
{
"trust": 0.9,
"url": "http://www.abb.com/"
},
{
"trust": 0.9,
"url": "https://library.e.abb.com/public/6b454c20b3a2445ea148a07c46a2f85c/abb-advisory_3adr010376.pdf"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2019060154"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2348/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010377\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"db": "VULHUB",
"id": "VHN-158660"
},
{
"db": "BID",
"id": "108922"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"db": "PACKETSTORM",
"id": "153397"
},
{
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "IVD",
"id": "81e5e7b5-957e-48a4-ade8-19b359b65cb3"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-158660"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108922"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"date": "2019-06-21T18:32:22",
"db": "PACKETSTORM",
"id": "153397"
},
{
"date": "2019-06-27T17:15:15.770000",
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19833"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158660"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108922"
},
{
"date": "2019-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006087"
},
{
"date": "2023-05-16T11:15:00.720000",
"db": "NVD",
"id": "CVE-2019-7225"
},
{
"date": "2020-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB HMI Vulnerability in using hard-coded credentials in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-894"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…