HIGH🇬🇧 English

CVE-2019-7228

CVSS 8.8v3.1pub. 2019-06-27upd. 2024-11-21

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Abb Pb610 Panel Builder 600

    HW
    Abb
    wszystkie wersje
  • Abb Pb610 Panel Builder 600 Firmware

    OS
    Abb
    1.91 – 2.8.0.367
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-18996HIGH7.1ten sam produkt

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs...

CVE-2019-7226HIGH8.8ten sam produkt

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authen...

CVE-2019-7227HIGH7.3ten sam produkt

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk w...

CVE-2019-7232HIGH8.8ten sam produkt

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. ...

CVE-2019-7230HIGH8.8ten sam produkt

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting ...