PT-2019-15747 · Abb · Abb Pb610 Panel Builder 600
Published
2019-12-18
·
Updated
2023-02-03
·
CVE-2019-18996
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier
Description
The issue concerns the HMIStudio component of ABB PB610 Panel Builder 600, where path settings accept DLLs from outside the program directory. This could potentially allow an attacker with local file system access to execute code within the application's context.
Recommendations
For ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier, consider restricting the path settings in the HMIStudio component to only accept DLLs from within the program directory until a fix is available.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Abb Pb610 Panel Builder 600