PT-2019-15746 · Abb · Abb Pb610 Panel Builder 600

Published: 2019-12-18 · Updated: 2019-12-31 · CVE-2019-18995

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier

Description

The issue is related to the HMISimulator component, which fails to validate the content-length field for HTTP requests. This exposes HMISimulator to denial of service via crafted HTTP requests that manipulate the content-length setting.

Recommendations

For ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier, consider restricting access to the HMISimulator component until a fix is available. As a temporary workaround, avoid using the HMISimulator component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-18995

Affected Products

Abb Pb610 Panel Builder 600