PT-2019-4282 · Abb · Abb Power Generation Information Manager+1

Publicado

2019-11-25

Atualizado

2021-10-29

CVE-2019-18250

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ABB Power Generation Information Manager (PGIM) and Plant Connect (affected versions not specified)

Description The issue is related to insufficient protection of registration data, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. This can be exploited by an attacker to gain unauthorized access to the device's account data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass Using an Alternate Path or Channel

Insufficiently Protected Credentials

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-288CWE-522CWE-287

Identificadores relacionados

BDU:2019-04889

CVE-2019-18250

Produtos afetados

Abb Power Generation Information Manager

Plant Connect

PT-2019-4282 · Abb · Abb Power Generation Information Manager+1

CVE-2019-18250

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5