HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2019-7228

CVSS 8.8v3.1pub. 2019-06-27upd. 2024-11-21

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Abb Pb610 Panel Builder 600

    HW
    Abb
    wszystkie wersje
  • Abb Pb610 Panel Builder 600 Firmware

    OS
    Abb
    1.91 – 2.8.0.367
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-18996HIGH7.1ten sam produkt

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs...

CVE-2019-7226HIGH8.8ten sam produkt

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authen...

CVE-2019-7227HIGH7.3ten sam produkt

In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk w...

CVE-2019-7232HIGH8.8ten sam produkt

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. ...

CVE-2019-7230HIGH8.8ten sam produkt

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting ...

CVE-2019-7228 β€” Abb β€” Pb610 Panel Builder 600 β€” HIGH β€” CVSS 8.8 | CVEbaza.pl