CVE-2019-7228

ABB IDAL HTTP Server Uncontrolled Format String

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

El servidor HTTP ABB IDAL maneja las cadenas de formato en un nombre de usuario o cookie durante el proceso de identificación . Si se intenta autenticar con el nombre de usuario% 25s% 25p% 25x% 25n se bloqueará el servidor. Al enviar% 08x.AAAA.% 08x.% 08x se registrará el contenido de la memoria de la pila.

The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username "%25s%25p%25x%25n" will crash the server. Sending "%08x.AAAA.%08x.%08x" will log memory content from the stack.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-30 CVE Reserved
2019-06-24 CVE Published
2024-07-25 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-134: Use of Externally-Controlled Format String

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/108886	Third Party Advisory

URL	Date	SRC
http://packetstormsecurity.com/files/153404/ABB-IDAL-HTTP-Server-Uncontrolled-Format-String.html	2024-08-04
http://seclists.org/fulldisclosure/2019/Jun/43	2024-08-04
https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-uncontrolled-format-string-vulnerability-xl-19-012	2024-08-04

URL	Date	SRC
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch	2022-11-30

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Abb Search vendor "Abb"	Pb610 Panel Builder 600 Firmware Search vendor "Abb" for product "Pb610 Panel Builder 600 Firmware"	>= 1.91 <= 2.8.0.367 Search vendor "Abb" for product "Pb610 Panel Builder 600 Firmware" and version " >= 1.91 <= 2.8.0.367"	-	Affected	in	Abb Search vendor "Abb"	Pb610 Panel Builder 600 Search vendor "Abb" for product "Pb610 Panel Builder 600"	-	-	Safe