VAR-201906-0219
Vulnerability from variot - Updated: 2023-12-18 14:00The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. ABB CP635 HMI Vulnerabilities related to certificate validation exist in the firmware and software components of.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABBCP635HMI is a human-machine interface control panel from ABB, Switzerland. A security vulnerability exists in ABBCP635HMI due to the failure of the transport method to use any form of encryption or the reliability check of the binary of the new HMI software. An attacker could exploit the vulnerability to control the HMI or execute arbitrary code on the system. Multiple ABB Products are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploits will lead to other attacks. ABB CP635 HMI and CP651 HMI could allow a remote malicious user to execute arbitrary code on the system, caused by the lack of encryption for transmission methods
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp630",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.0.8.424"
},
{
"model": "board support package un31",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.31"
},
{
"model": "cp620",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "cp635",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "cp630-web",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "cp635-web",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "cp635-b",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "cp620-web",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "2.8.0.424"
},
{
"model": "bsp un31",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp620",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp620-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp630-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-b",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635-web",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "cp635 hmi",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "cp635-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635-b",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp635",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp630",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620-web",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "cp620",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "board support package un31",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp620 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp630 web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 b",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp635 web",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "BID",
"id": "108885"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "NVD",
"id": "CVE-2019-7229"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:board_support_package_un31:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp620-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp620-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.8.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp630-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp630-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:cp635-web_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0.424",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:cp635-web:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xen1thLabs.,xen1thLabs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7229",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-19478",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0707a151-efa2-4564-b56f-95cf91c0da88",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-158664",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7229",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7229",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-19478",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-893",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158664",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7229",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "VULHUB",
"id": "VHN-158664"
},
{
"db": "VULMON",
"id": "CVE-2019-7229"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: \"Utilization of USB/SD Card to flash the device\" and \"Remote provisioning process via ABB Panel Builder 600 over FTP.\" Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. ABB CP635 HMI Vulnerabilities related to certificate validation exist in the firmware and software components of.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABBCP635HMI is a human-machine interface control panel from ABB, Switzerland. A security vulnerability exists in ABBCP635HMI due to the failure of the transport method to use any form of encryption or the reliability check of the binary of the new HMI software. An attacker could exploit the vulnerability to control the HMI or execute arbitrary code on the system. Multiple ABB Products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploits will lead to other attacks. ABB CP635 HMI and CP651 HMI could allow a remote malicious user to execute arbitrary code on the system, caused by the lack of encryption for transmission methods",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "BID",
"id": "108885"
},
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "VULHUB",
"id": "VHN-158664"
},
{
"db": "VULMON",
"id": "CVE-2019-7229"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7229",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "153387",
"trust": 1.8
},
{
"db": "BID",
"id": "108885",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201906-893",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-19478",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2019060156",
"trust": 0.6
},
{
"db": "IVD",
"id": "0707A151-EFA2-4564-B56F-95CF91C0DA88",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158664",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7229",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "VULHUB",
"id": "VHN-158664"
},
{
"db": "VULMON",
"id": "CVE-2019-7229"
},
{
"db": "BID",
"id": "108885"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"id": "VAR-201906-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "VULHUB",
"id": "VHN-158664"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
}
]
},
"last_update_date": "2023-12-18T14:00:53.590000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Vulnerabilities in ABB CP635 HMI",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Multiple Vulnerabilities in ABB CP651 HMI",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "ABBHMIMissing certification bypasses the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/165547"
},
{
"title": "ABB CP635 HMI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94028"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-494",
"trust": 1.0
},
{
"problemtype": "CWE-295",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158664"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "NVD",
"id": "CVE-2019-7229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/153387/abb-hmi-missing-signature-verification.html"
},
{
"trust": 2.0,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/jun/34"
},
{
"trust": 1.8,
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7229"
},
{
"trust": 0.9,
"url": "http://www.abb.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7229"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2019060156http"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108885"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010376\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=3adr010402\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162884"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "VULHUB",
"id": "VHN-158664"
},
{
"db": "VULMON",
"id": "CVE-2019-7229"
},
{
"db": "BID",
"id": "108885"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"db": "VULHUB",
"id": "VHN-158664"
},
{
"db": "VULMON",
"id": "CVE-2019-7229"
},
{
"db": "BID",
"id": "108885"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"date": "2019-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158664"
},
{
"date": "2019-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7229"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108885"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"date": "2019-06-24T18:15:11.107000",
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"date": "2019-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-19478"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158664"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7229"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108885"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005968"
},
{
"date": "2022-01-01T20:17:29.470000",
"db": "NVD",
"id": "CVE-2019-7229"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB HMI Missing Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0707a151-efa2-4564-b56f-95cf91c0da88"
},
{
"db": "CNVD",
"id": "CNVD-2019-19478"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-893"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…