CVE-2019-7227 – ABB IDAL FTP Server Path Traversal
https://notcve.org/view.php?id=CVE-2019-7227
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. The IDAL FTP server fails to ensure that directory change requests do not change to locations outside of the FTP server's root directory.
References:
http://packetstormsecurity.com/files/153396/ABB-IDAL-FTP-Server-Path-Traversal.html
http://seclists.org/fulldisclosure/2019/Jun/37
http://www.securityfocus.com/bid/108886
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-path-traversal-vulnerability-xl-19-008
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7231 – ABB IDAL FTP Server Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-7231
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send an FTP command string of 472 bytes or more to overflow a buffer, causing an exception that terminates the server.
References:
http://packetstormsecurity.com/files/153395/ABB-IDAL-FTP-Server-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2019/Jun/35
http://www.securityfocus.com/bid/108886
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.darkmatter.ae/xen1thlabs/published-advisories
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer