PT-2019-15745 · Abb · Abb Pb610 Panel Builder 600

Published: 2019-12-18 · Updated: 2019-12-31 · CVE-2019-18994

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier

Description

The issue arises due to a lack of file length check in the HMIStudio component, causing it to crash when attempting to load an empty *.JPR application file. An attacker with access to the file system could potentially exploit this to cause application malfunction, such as denial of service.

Recommendations

For versions 2.8.0.424 and earlier, consider implementing a file length check before loading *.JPR application files to prevent the HMIStudio component from crashing. As a temporary workaround, restrict access to the file system to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-18994

Affected Products

Abb Pb610 Panel Builder 600