PT-2018-10006 · Abb · Abb Panel Builder 800
Michael Deplante +1 · Published 2018-07-18 · Updated 2019-10-09 · CVE-2018-10616
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ABB Panel Builder 800 all versions
Description
The issue is improper input validation, which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used, resulting in remote code execution. Various components and modules within the ABB Panel Builder 800 are affected, including those related to ModBus, TCP/IP addresses, and user settings. The vulnerability can be exploited through stack-based or heap-based buffer overflows, as well as format string vulnerabilities.
Recommendations
As a temporary workaround, consider disabling the vulnerable components or restricting access to them until a patch is available. For versions that are affected by the improper input validation vulnerability, ensure that all inputs are properly validated and sanitized to prevent arbitrary code execution. Restrict access to the TCP IP Address and IPAddress parameters in the affected modules to minimize the risk of exploitation. Avoid using the UserSettings and CommandLineOptions in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Abb Panel Builder 800