CVE-2019-18994 – ABB PB610 HMIStudio crashes after launching an empty *.JPR application file
https://notcve.org/view.php?id=CVE-2019-18994
Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service.
• http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch
• CWE-20: Improper Input Validation
CVE-2019-18995 – ABB PB610 HMISimulator does not check content-length of the HTTP request
https://notcve.org/view.php?id=CVE-2019-18995
The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting.
• http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch
• CWE-20: Improper Input Validation
CVE-2019-18250
https://notcve.org/view.php?id=CVE-2019-18250
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.
• https://iotsecuritynews.com/abb-power-generation-information-manager-pgim-and-plant-connect
• https://www.us-cert.gov/ics/advisories/icsa-19-318-05
• CWE-287: Improper Authentication
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2019-7228 – ABB IDAL HTTP Server Uncontrolled Format String
https://notcve.org/view.php?id=CVE-2019-7228
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
• http://packetstormsecurity.com/files/153404/ABB-IDAL-HTTP-Server-Uncontrolled-Format-String.html
• http://seclists.org/fulldisclosure/2019/Jun/43
• http://www.securityfocus.com/bid/108886
• https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
• https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-uncontrolled-format-string-vulnerability-xl-19-012
• CWE-134: Use of Externally-Controlled Format String
CVE-2019-7232 – ABB IDAL HTTP Server Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-7232
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
• http://packetstormsecurity.com/files/153403/ABB-IDAL-HTTP-Server-Stack-Based-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2019/Jun/40
• http://www.securityfocus.com/bid/108886
• https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch
• https://www.darkmatter.ae/xen1thlabs/published-advisories
• CWE-787: Out-of-bounds Write