PT-2019-15745 · Abb · Abb Pb610 Panel Builder 600
Published 2019-12-18 · Updated 2019-12-31 · CVE-2019-18994
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier
Description
The issue arises due to a lack of file length check in the HMIStudio component, causing it to crash when attempting to load an empty *.JPR application file. An attacker with access to the file system could potentially exploit this to cause application malfunction, such as denial of service.
Recommendations
For versions 2.8.0.424 and earlier, consider implementing a file length check before loading *.JPR application files to prevent the HMIStudio component from crashing. As a temporary workaround, restrict access to the file system to minimize the risk of exploitation.
Fix
RCE
Affected products
Abb Pb610 Panel Builder 600